westporch/20170722.wml

## 20170722.wml
<define-tag pagetitle>Updated Debian 9: 9.1 released</define-tag>
<define-tag release_date>2017-07-22</define-tag>
#use wml::debian::news
# $Id:

<define-tag release>9</define-tag>
<define-tag codename>stretch</define-tag>
<define-tag revision>9.1</define-tag>

<define-tag dsa>
    <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
        <td align="center"><:
    my @p = ();
    for my $p (split (/,\s*/, "%2")) {
        push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
    }
    print join (", ", @p);
:></td></tr>
</define-tag>

<define-tag correction>
    <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td>              <td>%1</td></tr>
</define-tag>

<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>

<p>The Debian project is pleased to announce the first update of its
stable distribution Debian <release> (codename <q><codename></q>).
This point release mainly adds corrections for security issues,
along with a few adjustments for serious problems.  Security advisories
have already been published separately and are referenced where available.</p>

<p>Please note that the point release does not constitute a new version of Debian
<release> but only updates some of the packages included.  There is
no need to throw away old <q><codename></q> media. After installation,
packages can be upgraded to the current versions using an up-to-date Debian
mirror.</p>

<p>Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are
included in the point release.</p>

<p>New installation images will be available soon at the regular locations.</p>

<p>Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP mirrors.
A comprehensive list of mirrors is available at:</p>

<div class="center">
  <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
</div>


<h2>Miscellaneous Bugfixes</h2>

<p>This stable update adds a few important corrections to the following
packages:</p>
<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>
<correction 3dchess                          "Reduce wasteful CPU consumption">
<correction adwaita-icon-theme               "Fix malformed send-to-symbolic icon">
<correction anope                            "Fix incorrect mail-transport-agent relationship">
<correction apt                              "Reset failure reason when connection was successful, so later errors are reported as such and not as <q>connection failure</q> warnings; http: A response with Content-Length: 0 has no content, so don't try to read it; use port from SRV record instead of initial port">
<correction avogadro                         "Update eigen3 patches">
<correction base-files                       "Update for the 9.1 point release">
<correction c-ares                           "Security fix [CVE-2017-1000381]">
<correction debian-edu-doc                   "Update Debian Edu Stretch manual from the wiki; update translations">
<correction debsecan                         "Add support for stretch and buster; Python needs https_proxy for proxy configuration with https:// URLs">
<correction devscripts                       "debchange: target stretch-backports with --bpo; support $codename{,-{proposed-updates,security}}; bts: add support for the new <q>a11y</q> tag">
<correction dgit                             "Multiple bugfixes">
<correction dovecot                          "Fix syntax errors when sending Solr queries">
<correction dwarfutils                       "Security fixes [CVE-2017-9052 CVE-2017-9053 CVE-2017-9054 CVE-2017-9055 CVE-2017-9998]">
<correction fpc                              "Fix conversion from local time to UTC">
<correction galternatives                    "Fix blank window when displaying properties">
<correction geolinks                         "Fix python3 dependencies">
<correction gnats                            "gnats-user: do not fail to purge if /var/lib/gnats/gnats-db is not empty">
<correction gnome-settings-daemon            "Do not add the <q>US</q> keyboard layout by default for new users, for some reason, this layout was preferred over the system configured one on the first login; preserve NumLock state between sessions by default">
<correction gnuplot                          "Fix memory corruption vulnerability">
<correction gnutls28                         "Fix breakage with AES-GCM in-place encryption and decryption on aarch64">
<correction grub-installer                   "Fix support for systems with a large number of disks">
<correction intel-microcode                  "Update included microcode">
<correction libclamunrar                     "Fix arbitrary memory write [CVE-2012-6706]">
<correction libopenmpt                       "Security fixes: out-of-bounds read while loading a malfomed PLM file; arbitrary code execution by a crafted PSM file [CVE-2017-11311]; various security fixes">
<correction libquicktime                     "Security fixes [CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128]">
<correction linux-latest                     "Revert changes to debug symbol meta-packages">
<correction nagios-nrpe                      "Restore previous SSL defaults">
<correction nvidia-graphics-drivers          "Bump Pre-Depends: nvidia-installer-cleanup to (&gt;= 20151021) for smoother upgrades from jessie">
<correction octave-ocs                       "Fix loading package functions">
<correction open-iscsi                       "Speed up Debian Installer when iSCSI is not used">
<correction openssh                          "Fix incoming compression statistics">
<correction openstack-debian-images          "Also add security updates for non wheezy/jessie">
<correction os-prober                        "EFI - look for <q>dos</q> instead of <q>msdos</q>">
<correction osinfo-db                        "Improve support for Stretch and Jessie">
<correction partman-base                     "Protect the firmware area on all mmcblk devices (and not only on mmcblk0) from being clobbered during guided partitioning">
<correction pdns-recursor                    "Add 2017 DNSSEC root key">
<correction perl                             "Backport various Getopt-Long fixes from upstream 2.49..2.51; backport upstream patch fixing regexp <q>Malformed UTF-8 character</q>; apply upstream base.pm no-dot-in-inc fix">
<correction phpunit                          "Security fix: arbitrary PHP code execution via HTTP POST">
<correction protozero                        "Fix data_view equality operator">
<correction pulseaudio                       "Fix copyright file">
<correction pykde4                           "Drop bindings for plasma webview bindings; they're obsolete and non-functional">
<correction python-colorlog                  "Fix python3 dependencies">
<correction python-imaplib2                  "Fix python3 dependencies">
<correction python-plumbum                   "Fix python3 dependencies">
<correction qgis                             "Fix missing Breaks/Replaces against python-qgis-common">
<correction request-tracker4                 "Handle configuration permissions correctly following RT_SiteConfig.d changes">
<correction retext                           "Backport upstream fix for crash in XSettings code; fix syntax in appdata XML file">
<correction rkhunter                         "Disable remote updates [CVE-2017-7480]">
<correction socat                            "Fix signals leading to possible 100% CPU usage">
<correction squashfs-tools                   "Fix corruption of large files; fix rare race condition">
<correction systemd                          "Fix out-of-bounds write in systemd-resolved [CVE-2017-9445]; be truly quiet in systemctl -q is-enabled; improve RLIMIT_NOFILE handling; debian/extra/rules: Use updated U2F ruleset">
<correction thermald                         "Add Broadwell-GT3E and Kabylake support">
<correction unrar-nonfree                    "Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO paramters [CVE-2012-6706]">
<correction win32-loader                     "Replace all mirror urls with deb.debian.org; drop bz2 compression for source">
</table>

<h2>Security Updates</h2>


<p>This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:</p>

<table border=0>
<tr><th>Advisory ID</th>  <th>Package</th></tr>


<dsa 2017 3876 otrs2>
<dsa 2017 3877 tor>
<dsa 2017 3882 request-tracker4>
<dsa 2017 3884 gnutls28>
<dsa 2017 3885 irssi>
<dsa 2017 3886 linux>
<dsa 2017 3887 glibc>
<dsa 2017 3888 exim4>
<dsa 2017 3890 spip>
<dsa 2017 3891 tomcat8>
<dsa 2017 3893 jython>
<dsa 2017 3895 flatpak>
<dsa 2017 3896 apache2>
<dsa 2017 3897 drupal7>
<dsa 2017 3900 openvpn>
<dsa 2017 3901 libgcrypt20>
<dsa 2017 3902 jabberd2>
<dsa 2017 3903 tiff>
<dsa 2017 3904 bind9>
<dsa 2017 3905 xorg-server>
<dsa 2017 3906 undertow>
<dsa 2017 3907 spice>
<dsa 2017 3908 nginx>
<dsa 2017 3910 knot>
<dsa 2017 3911 evince>
<dsa 2017 3912 heimdal>

</table>

<h2>Removed packages</h2>

<p>The following packages were removed due to circumstances beyond our
control:</p>


<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>

<correction aiccu                     "Useless since shutdown of SixXS">
</table>

<h2>Debian Installer</h2>
<p>The installer has been updated to include the fixes incorporated into
stable by the point release.</p>

<h2>URLs</h2>

<p>The complete lists of packages that have changed with this
revision:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>

<p>The current stable distribution:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/stable/">
</div>

<p>Proposed updates to the stable distribution:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/proposed-updates">
</div>

<p>stable distribution information (release notes, errata etc.):</p>

<div class="center">
  <a
  href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
</div>

<p>Security announcements and information:</p>

<div class="center">
  <a href="$(HOME)/security/">https://security.debian.org/</a>
</div>


<h2>About Debian</h2>

<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.</p>


<h2>Contact Information</h2>

<p>For further information, please visit the Debian web pages at <a
href="$(HOME)/">https://www.debian.org/</a>, send mail to
&lt;press@debian.org&gt;, or contact the stable release team at
&lt;debian-release@lists.debian.org&gt;.</p>
	<define-tag pagetitle>Updated Debian 9: 9.1 released</define-tag>
	<define-tag release_date>2017-07-22</define-tag>
	#use wml::debian::news
	# $Id:

	<define-tag release>9</define-tag>
	<define-tag codename>stretch</define-tag>
	<define-tag revision>9.1</define-tag>

	<define-tag dsa>
	<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
	<td align="center"><:
	my @p = ();
	for my $p (split (/,\s*/, "%2")) {
	push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
	}
	print join (", ", @p);
	:></td></tr>
	</define-tag>

	<define-tag correction>
	<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
	</define-tag>

	<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>

	<p>The Debian project is pleased to announce the first update of its
	stable distribution Debian <release> (codename <q><codename></q>).
	This point release mainly adds corrections for security issues,
	along with a few adjustments for serious problems. Security advisories
	have already been published separately and are referenced where available.</p>

	<p>Please note that the point release does not constitute a new version of Debian
	<release> but only updates some of the packages included. There is
	no need to throw away old <q><codename></q> media. After installation,
	packages can be upgraded to the current versions using an up-to-date Debian
	mirror.</p>

	<p>Those who frequently install updates from security.debian.org won't have
	to update many packages, and most such updates are
	included in the point release.</p>

	<p>New installation images will be available soon at the regular locations.</p>

	<p>Upgrading an existing installation to this revision can be achieved by
	pointing the package management system at one of Debian's many HTTP mirrors.
	A comprehensive list of mirrors is available at:</p>

	<div class="center">
	<a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
	</div>


	<h2>Miscellaneous Bugfixes</h2>

	<p>This stable update adds a few important corrections to the following
	packages:</p>
	<table border=0>
	<tr><th>Package</th> <th>Reason</th></tr>
	<correction 3dchess "Reduce wasteful CPU consumption">
	<correction adwaita-icon-theme "Fix malformed send-to-symbolic icon">
	<correction anope "Fix incorrect mail-transport-agent relationship">
	<correction apt "Reset failure reason when connection was successful, so later errors are reported as such and not as <q>connection failure</q> warnings; http: A response with Content-Length: 0 has no content, so don't try to read it; use port from SRV record instead of initial port">
	<correction avogadro "Update eigen3 patches">
	<correction base-files "Update for the 9.1 point release">
	<correction c-ares "Security fix [CVE-2017-1000381]">
	<correction debian-edu-doc "Update Debian Edu Stretch manual from the wiki; update translations">
	<correction debsecan "Add support for stretch and buster; Python needs https_proxy for proxy configuration with https:// URLs">
	<correction devscripts "debchange: target stretch-backports with --bpo; support $codename{,-{proposed-updates,security}}; bts: add support for the new <q>a11y</q> tag">
	<correction dgit "Multiple bugfixes">
	<correction dovecot "Fix syntax errors when sending Solr queries">
	<correction dwarfutils "Security fixes [CVE-2017-9052 CVE-2017-9053 CVE-2017-9054 CVE-2017-9055 CVE-2017-9998]">
	<correction fpc "Fix conversion from local time to UTC">
	<correction galternatives "Fix blank window when displaying properties">
	<correction geolinks "Fix python3 dependencies">
	<correction gnats "gnats-user: do not fail to purge if /var/lib/gnats/gnats-db is not empty">
	<correction gnome-settings-daemon "Do not add the <q>US</q> keyboard layout by default for new users, for some reason, this layout was preferred over the system configured one on the first login; preserve NumLock state between sessions by default">
	<correction gnuplot "Fix memory corruption vulnerability">
	<correction gnutls28 "Fix breakage with AES-GCM in-place encryption and decryption on aarch64">
	<correction grub-installer "Fix support for systems with a large number of disks">
	<correction intel-microcode "Update included microcode">
	<correction libclamunrar "Fix arbitrary memory write [CVE-2012-6706]">
	<correction libopenmpt "Security fixes: out-of-bounds read while loading a malfomed PLM file; arbitrary code execution by a crafted PSM file [CVE-2017-11311]; various security fixes">
	<correction libquicktime "Security fixes [CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128]">
	<correction linux-latest "Revert changes to debug symbol meta-packages">
	<correction nagios-nrpe "Restore previous SSL defaults">
	<correction nvidia-graphics-drivers "Bump Pre-Depends: nvidia-installer-cleanup to (>= 20151021) for smoother upgrades from jessie">
	<correction octave-ocs "Fix loading package functions">
	<correction open-iscsi "Speed up Debian Installer when iSCSI is not used">
	<correction openssh "Fix incoming compression statistics">
	<correction openstack-debian-images "Also add security updates for non wheezy/jessie">
	<correction os-prober "EFI - look for <q>dos</q> instead of <q>msdos</q>">
	<correction osinfo-db "Improve support for Stretch and Jessie">
	<correction partman-base "Protect the firmware area on all mmcblk devices (and not only on mmcblk0) from being clobbered during guided partitioning">
	<correction pdns-recursor "Add 2017 DNSSEC root key">
	<correction perl "Backport various Getopt-Long fixes from upstream 2.49..2.51; backport upstream patch fixing regexp <q>Malformed UTF-8 character</q>; apply upstream base.pm no-dot-in-inc fix">
	<correction phpunit "Security fix: arbitrary PHP code execution via HTTP POST">
	<correction protozero "Fix data_view equality operator">
	<correction pulseaudio "Fix copyright file">
	<correction pykde4 "Drop bindings for plasma webview bindings; they're obsolete and non-functional">
	<correction python-colorlog "Fix python3 dependencies">
	<correction python-imaplib2 "Fix python3 dependencies">
	<correction python-plumbum "Fix python3 dependencies">
	<correction qgis "Fix missing Breaks/Replaces against python-qgis-common">
	<correction request-tracker4 "Handle configuration permissions correctly following RT_SiteConfig.d changes">
	<correction retext "Backport upstream fix for crash in XSettings code; fix syntax in appdata XML file">
	<correction rkhunter "Disable remote updates [CVE-2017-7480]">
	<correction socat "Fix signals leading to possible 100% CPU usage">
	<correction squashfs-tools "Fix corruption of large files; fix rare race condition">
	<correction systemd "Fix out-of-bounds write in systemd-resolved [CVE-2017-9445]; be truly quiet in systemctl -q is-enabled; improve RLIMIT_NOFILE handling; debian/extra/rules: Use updated U2F ruleset">
	<correction thermald "Add Broadwell-GT3E and Kabylake support">
	<correction unrar-nonfree "Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO paramters [CVE-2012-6706]">
	<correction win32-loader "Replace all mirror urls with deb.debian.org; drop bz2 compression for source">
	</table>

	<h2>Security Updates</h2>


	<p>This revision adds the following security updates to the stable
	release. The Security Team has already released an advisory for each of
	these updates:</p>

	<table border=0>
	<tr><th>Advisory ID</th> <th>Package</th></tr>


	<dsa 2017 3876 otrs2>
	<dsa 2017 3877 tor>
	<dsa 2017 3882 request-tracker4>
	<dsa 2017 3884 gnutls28>
	<dsa 2017 3885 irssi>
	<dsa 2017 3886 linux>
	<dsa 2017 3887 glibc>
	<dsa 2017 3888 exim4>
	<dsa 2017 3890 spip>
	<dsa 2017 3891 tomcat8>
	<dsa 2017 3893 jython>
	<dsa 2017 3895 flatpak>
	<dsa 2017 3896 apache2>
	<dsa 2017 3897 drupal7>
	<dsa 2017 3900 openvpn>
	<dsa 2017 3901 libgcrypt20>
	<dsa 2017 3902 jabberd2>
	<dsa 2017 3903 tiff>
	<dsa 2017 3904 bind9>
	<dsa 2017 3905 xorg-server>
	<dsa 2017 3906 undertow>
	<dsa 2017 3907 spice>
	<dsa 2017 3908 nginx>
	<dsa 2017 3910 knot>
	<dsa 2017 3911 evince>
	<dsa 2017 3912 heimdal>

	</table>

	<h2>Removed packages</h2>

	<p>The following packages were removed due to circumstances beyond our
	control:</p>


	<table border=0>
	<tr><th>Package</th> <th>Reason</th></tr>

	<correction aiccu "Useless since shutdown of SixXS">
	</table>

	<h2>Debian Installer</h2>
	<p>The installer has been updated to include the fixes incorporated into
	stable by the point release.</p>

	<h2>URLs</h2>

	<p>The complete lists of packages that have changed with this
	revision:</p>

	<div class="center">
	<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
	</div>

	<p>The current stable distribution:</p>

	<div class="center">
	<url "http://ftp.debian.org/debian/dists/stable/">
	</div>

	<p>Proposed updates to the stable distribution:</p>

	<div class="center">
	<url "http://ftp.debian.org/debian/dists/proposed-updates">
	</div>

	<p>stable distribution information (release notes, errata etc.):</p>

	<div class="center">
	<a
	href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
	</div>

	<p>Security announcements and information:</p>

	<div class="center">
	<a href="$(HOME)/security/">https://security.debian.org/</a>
	</div>


	<h2>About Debian</h2>

	<p>The Debian Project is an association of Free Software developers who
	volunteer their time and effort in order to produce the completely free
	operating system Debian.</p>


	<h2>Contact Information</h2>

	<p>For further information, please visit the Debian web pages at <a
	href="$(HOME)/">https://www.debian.org/</a>, send mail to
	<press@debian.org>, or contact the stable release team at
	<debian-release@lists.debian.org>.</p>