apticron report [Sat, 10 Mar 2018 22:38:24 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
base-files 9.9+deb9u4
clamav 0.99.4+dfsg-1+deb9u1
clamav-base 0.99.4+dfsg-1+deb9u1
clamav-daemon 0.99.4+dfsg-1+deb9u1
clamav-freshclam 0.99.4+dfsg-1+deb9u1
clamdscan 0.99.4+dfsg-1+deb9u1
cron 3.0pl1-128+deb9u1
dbus 1.10.26-0+deb9u1
isc-dhcp-client 4.3.5-3+deb9u1
isc-dhcp-common 4.3.5-3+deb9u1
libapparmor1 2.11.0-3+deb9u2
libc6 2.24-11+deb9u3
libc6-dev 2.24-11+deb9u3
libc-bin 2.24-11+deb9u3
libc-dev-bin 2.24-11+deb9u3
libc-l10n 2.24-11+deb9u3
libclamav7 0.99.4+dfsg-1+deb9u1
libcups2 2.2.1-8+deb9u1
libcupsimage2 2.2.1-8+deb9u1
libdbus-1-3 1.10.26-0+deb9u1
libncurses5 6.0+20161126-1+deb9u2
libncursesw5 6.0+20161126-1+deb9u2
libpam-systemd 232-25+deb9u2
libsystemd0 232-25+deb9u2
libtinfo5 6.0+20161126-1+deb9u2
libudev1 232-25+deb9u2
linux-image-4.9.0-6-amd64 4.9.82-1+deb9u3
linux-libc-dev 4.9.82-1+deb9u3
locales 2.24-11+deb9u3
multiarch-support 2.24-11+deb9u3
ncurses-base 6.0+20161126-1+deb9u2
ncurses-bin 6.0+20161126-1+deb9u2
ncurses-term 6.0+20161126-1+deb9u2
needrestart 2.11-3+deb9u1
nscd 2.24-11+deb9u3
ntp 1:4.2.8p10+dfsg-3+deb9u2
ntpdate 1:4.2.8p10+dfsg-3+deb9u2
openssh-client 1:7.4p1-10+deb9u3
openssh-server 1:7.4p1-10+deb9u3
openssh-sftp-server 1:7.4p1-10+deb9u3
postfix 3.1.8-0+deb9u1
postfix-sqlite 3.1.8-0+deb9u1
publicsuffix 20180218.2049-0+deb9u1
systemd 232-25+deb9u2
systemd-sysv 232-25+deb9u2
udev 232-25+deb9u2
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour isc-dhcp (isc-dhcp-client isc-dhcp-common) ---
isc-dhcp (4.3.5-3+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
* Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
* Correct buffer overrun in pretty_print_option (CVE-2018-5732)
(Closes: #891786)
-- Salvatore Bonaccorso <carnil(a)debian.org> Sat, 03 Mar 2018 17:27:05 +0100
--- Modifications pour apparmor (libapparmor1) ---
apparmor (2.11.0-3+deb9u2) stretch; urgency=medium
* Move the features file to /usr/share/apparmor-features;
accordingly remove the old (now obsolete) '/etc/apparmor/features'
conffile (Closes: #883682).
* Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
with numbers.
-- intrigeri <intrigeri(a)debian.org> Tue, 27 Feb 2018 10:59:06 +0000
apparmor (2.11.0-3+deb9u1) stretch; urgency=medium
* Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
This ensures Stretch systems, even when running a newer kernel (e.g.
from backports), have their AppArmor feature set pinned to the one
supported by the AppArmor policy shipped in Stretch. Otherwise they
would experience breakage due to new AppArmor mediation features
introduced in recent kernels.
-- intrigeri <intrigeri(a)debian.org> Sat, 25 Nov 2017 18:04:05 +0000
--- Modifications pour base-files ---
base-files (9.9+deb9u4) stretch; urgency=medium
* Change /etc/debian_version to 9.4, for Debian 9.4 point release.
-- Santiago Vila <sanvila(a)debian.org> Sat, 24 Feb 2018 00:23:00 +0100
--- Modifications pour clamav (clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav7) ---
clamav (0.99.4+dfsg-1+deb9u1) stretch; urgency=medium
* Update to upstream 0.99.4:
Fixes for CVE: CVE-2018-1000085, CVE-2018-0202.
* Update the gpg signing key (the old DSA expired).
* Update version of private symbols due to version change.
* Bump symbol version of cl_retflevel because CL_FLEVEL changed.
-- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Sat, 03 Mar 2018 12:15:58 +0100
--- Modifications pour cron ---
cron (3.0pl1-128+deb9u1) stretch; urgency=medium
* Non-maintainer upload.
* Properly transition system jobs to system_cronjob_t SELinux context and
stop relying on refpolicy specific identifiers (Closes: #857662)
-- Laurent Bigonville <bigon(a)debian.org> Sat, 07 Oct 2017 15:38:27 +0200
--- Modifications pour dbus (dbus libdbus-1-3) ---
dbus (1.10.26-0+deb9u1) stretch; urgency=medium
* New upstream stable release
- bus/bus.c: Raise file descriptor limit sooner, while we still can
(before we drop privileges), fixing a regression in 1.10.18 which
negated a previous fix for local denial of service via resource
exhaustion
- test/*, build system: Add a regression test for the above
* d/tests/root: Re-run test-dbus-daemon as root, since it now contains
tests that are skipped as non-root
* d/tests/root: Allow stderr output, because test-dbus-daemon emits
some (and it is not a problem)
-- Simon McVittie <smcv(a)debian.org> Fri, 02 Mar 2018 08:59:25 +0000
--- Modifications pour glibc (libc6 libc6-dev libc-bin libc-dev-bin libc-l10n locales multiarch-support nscd) ---
glibc (2.24-11+deb9u3) stretch; urgency=medium
[ Aurelien Jarno ]
* debian/rules.d/debhelper.mk: install the libc-otherbuild postinst and
postrm in the libc6-i686 transitional package, to make sure
/etc/ld.so.nohwcap is correctly removed after an upgrade. Closes:
#883394.
-- Aurelien Jarno <aurel32(a)debian.org> Sun, 14 Jan 2018 11:39:44 +0100
glibc (2.24-11+deb9u2) stretch; urgency=medium
[ Aurelien Jarno ]
* debian/control.in/x32: Add a gcc-multilib Recommends for libc6-dev-x32.
* debian/patches/git-updates.diff: update from upstream stable branch:
- debian/patches/any/submitted-perl-inc.diff: drop, merged upstream.
- debian/patches/any/cvs-remove-pid-tid-cache-clone.diff: drop, merged
upstream.
- debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff:
drop, merged upstream.
- debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: drop,
merged upstream.
- debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff: drop,
merged upstream.
- debian/patches/any/cvs-vectorized-strcspn-guards.diff: drop, merged
upstream.
- debian/patches/any/cvs-hwcap-AT_SECURE.diff: drop, merged upstream.
- Avoid use-after-free read access in clntudp_call (CVE-2017-12133).
Closes: #870648.
- Fix compatibility with Intel C++ __regcall calling convention. Closes:
#881850.
- Fix a buffer overrun in rpcgen.
- Fix strlen on null pointer in nss_nisplus.
- Fix invalid cast in group merging affecting ppc64 and s390x.
- Define collation for Malayalam chillu characters.
- Correct collation of U+0D36 and U+0D37 Malayalam characters.
* debian/script.in/nohwcap.sh: always check for all optimized packages
as multiarch allows one to install foreign architectures. Closes:
#882272.
[ Santiago Vila ]
* debian/debhelper.in/libc-bin.postinst: do not update /etc/nsswitch.conf
when its content already matches the default. Closes: #865144.
-- Aurelien Jarno <aurel32(a)debian.org> Fri, 01 Dec 2017 21:09:18 +0100
--- Modifications pour linux (linux-image-4.9.0-6-amd64 linux-libc-dev) ---
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
-- Aurelien Jarno <aurel32(a)debian.org> Fri, 02 Mar 2018 08:52:22 +0100
--- Modifications pour ncurses (libncurses5 libncursesw5 libtinfo5 ncurses-base ncurses-bin ncurses-term) ---
ncurses (6.0+20161126-1+deb9u2) stretch; urgency=medium
* Cherry-pick upstream fix from the 20171125 patchlevel to fix
a buffer overflow in the _nc_write_entry function
(CVE-2017-16879, Closes: #882620).
-- Sven Joachim <svenjoac(a)gmx.de> Thu, 28 Dec 2017 10:47:33 +0100
--- Modifications pour needrestart ---
needrestart (2.11-3+deb9u1) stretch; urgency=medium
* Non-maintainer upload.
* Fix switching to list mode if debconf is run non-interactively.
(Closes: #876459)
-- Dominik George <nik(a)naturalnet.de> Wed, 28 Feb 2018 22:48:43 +0100
--- Modifications pour ntp (ntp ntpdate) ---
ntp (1:4.2.8p10+dfsg-3+deb9u2) stretch; urgency=medium
* Cherry-pick patch from upstream to increase stack size.
Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
* Add d/gbp.conf for stretch branch
-- Bernhard Schmidt <berni(a)debian.org> Thu, 15 Feb 2018 12:45:57 +0100
--- Modifications pour openssh (openssh-client openssh-server openssh-sftp-server) ---
openssh (1:7.4p1-10+deb9u3) stretch; urgency=medium
* CVE-2017-15906: sftp-server(8): In read-only mode, sftp-server was
incorrectly permitting creation of zero-length files. Reported by Michal
Zalewski.
-- Colin Watson <cjwatson(a)debian.org> Thu, 01 Mar 2018 15:17:53 +0000
--- Modifications pour postfix (postfix postfix-sqlite) ---
postfix (3.1.8-0+deb9u1) stretch; urgency=medium
[Scott Kitterman]
* Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix
failures when inet_interfaces != all. Closes: #882141
* Refresh patches
* Add postfix 3.1 specific watch file
[Wietse Venema]
* 3.1.7
- Bugfix (introduced: Postfix 3.1): DANE support. Postfix
builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
some sites with "TLSA 2 X X" records associated with an
intermediate CA certificate. Problem report and initial
fix by Erwan Legrand. File: src/tls/tls_dane.c.
- Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
in the Postfix sendmail command broke authorized_submit_users
with a dynamically-loaded map type. File: sendmail/sendmail.c.
* 3.1.8
- Bugfix (introduced: Postfix 2.1): don't log warnings
that some restriction returns OK, when the access map
DISCARD feature is in effect. File: smtpd/smtpd_check.c.
- Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
Berkeley DB configurations with a relative pathname. File:
util/dict_db.c. Closes: #879200
- Workaround: reportedly, some res_query(3) implementation
can return -1 with h_errno==0. Instead of terminating with
a panic, the Postfix DNS client now logs a warning and sets
h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
- Documentation patches by Sven Neuhaus. Files:
proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
- Cleanup: missing mailbox seek-to-end error check in the
local(8) delivery agent. File: local/mailbox.c.
- Cleanup: incorrect mailbox seek-to-end error message in the
virtual(8) delivery agent. File: virtual/mailbox.c.
-- Scott Kitterman <scott(a)kitterman.com> Fri, 23 Feb 2018 17:29:10 -0500
--- Modifications pour publicsuffix ---
publicsuffix (20180218.2049-0+deb9u1) stretch; urgency=medium
* new upstream publicsuffix data
-- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Mon, 26 Feb 2018 16:50:37 -0500
publicsuffix (20180125.0922-0+deb9u1) stretch; urgency=medium
* new upstream publicsuffix data
-- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Wed, 31 Jan 2018 23:20:50 -0500
--- Modifications pour systemd (libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev) ---
systemd (232-25+deb9u2) stretch; urgency=medium
* networkd: Handle MTU field in IPv6 RA (Closes: #878162)
* shared: Add a linker script so that all functions are tagged @SD_SHARED
instead of @Base.
This helps prevent symbol collisions with other programs and libraries.
In particular, because PAM modules are loaded into the process that is
creating the session, and systemd creates PAM sessions, the potential
for collisions is high. (Closes: #873708)
* resolved: Fix loop on packets with pseudo dns types.
CVE-2017-15908 (Closes: #880026)
* machinectl: Don't output "No machines." with --no-legend option
(Closes: #880158)
-- Michael Biebl <biebl(a)debian.org> Sun, 03 Dec 2017 15:03:50 +0100
--- Modifications pour cups (libcups2 libcupsimage2) ---
cups (2.2.1-8+deb9u1) stretch; urgency=low
* CVE-2017-18190: Prevent an issue where remote attackers could execute
arbitrary IPP commands by sending POST requests to the CUPS daemon in
conjunction with DNS rebinding. This was caused by a whitelisted
"localhost.localdomain" entry.
-- Didier Raboud <odyx(a)debian.org> Thu, 22 Feb 2018 17:51:44 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on quigon.federez.net
--
apticron
This is the mail system at host nonagon.crans.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<monitoring(a)federez.net> (expanded from <root>): host
smtp.crans.org[2a06:e042:100:4:200:9ff:fe04:1901] said: 550 5.1.0
<root(a)nonagon.crans.org>: Sender address rejected: User unknown in relay
recipient table (in reply to RCPT TO command)
apticron report [Fri, 09 Mar 2018 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
isc-dhcp-client 4.3.5-3+deb9u1
isc-dhcp-common 4.3.5-3+deb9u1
linux-image-4.9.0-6-amd64 4.9.82-1+deb9u3
linux-libc-dev 4.9.82-1+deb9u3
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour isc-dhcp (isc-dhcp-client isc-dhcp-common) ---
isc-dhcp (4.3.5-3+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
* Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
* Correct buffer overrun in pretty_print_option (CVE-2018-5732)
(Closes: #891786)
-- Salvatore Bonaccorso <carnil(a)debian.org> Sat, 03 Mar 2018 17:27:05 +0100
--- Modifications pour linux (linux-image-4.9.0-6-amd64 linux-libc-dev) ---
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
-- Aurelien Jarno <aurel32(a)debian.org> Fri, 02 Mar 2018 08:52:22 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on quigon.federez.net
--
apticron
This is the mail system at host nonagon.crans.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<monitoring(a)federez.net> (expanded from <root>): host
smtp.crans.org[138.231.136.39] said: 550 5.1.0 <root(a)nonagon.crans.org>:
Sender address rejected: User unknown in relay recipient table (in reply to
RCPT TO command)
apticron report [Thu, 08 Mar 2018 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
isc-dhcp-client 4.3.5-3+deb9u1
isc-dhcp-common 4.3.5-3+deb9u1
linux-image-4.9.0-6-amd64 4.9.82-1+deb9u3
linux-libc-dev 4.9.82-1+deb9u3
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour isc-dhcp (isc-dhcp-client isc-dhcp-common) ---
isc-dhcp (4.3.5-3+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
* Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
* Correct buffer overrun in pretty_print_option (CVE-2018-5732)
(Closes: #891786)
-- Salvatore Bonaccorso <carnil(a)debian.org> Sat, 03 Mar 2018 17:27:05 +0100
--- Modifications pour linux (linux-image-4.9.0-6-amd64 linux-libc-dev) ---
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
-- Aurelien Jarno <aurel32(a)debian.org> Fri, 02 Mar 2018 08:52:22 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on quigon.federez.net
--
apticron
This is the mail system at host nonagon.crans.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<monitoring(a)federez.net> (expanded from <root>): host
smtp.crans.org[2a06:e042:100:4:200:9ff:fe04:1901] said: 550 5.1.0
<root(a)nonagon.crans.org>: Sender address rejected: User unknown in relay
recipient table (in reply to RCPT TO command)
apticron report [Wed, 07 Mar 2018 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
linux-image-4.9.0-6-amd64 4.9.82-1+deb9u3
linux-libc-dev 4.9.82-1+deb9u3
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour linux (linux-image-4.9.0-6-amd64 linux-libc-dev) ---
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
-- Aurelien Jarno <aurel32(a)debian.org> Fri, 02 Mar 2018 08:52:22 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on quigon.federez.net
--
apticron
This is the mail system at host nonagon.crans.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<monitoring(a)federez.net> (expanded from <root>): host
smtp.crans.org[2a06:e042:100:4:200:9ff:fe04:1901] said: 550 5.1.0
<root(a)nonagon.crans.org>: Sender address rejected: User unknown in relay
recipient table (in reply to RCPT TO command)
apticron report [Tue, 06 Mar 2018 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
linux-image-4.9.0-6-amd64 4.9.82-1+deb9u3
linux-libc-dev 4.9.82-1+deb9u3
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour linux (linux-image-4.9.0-6-amd64 linux-libc-dev) ---
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
-- Aurelien Jarno <aurel32(a)debian.org> Fri, 02 Mar 2018 08:52:22 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on quigon.federez.net
--
apticron
