apticron report [Mon, 19 Sep 2016 10:48:25 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
hexagon.federez.net
[ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ]
The following packages are currently pending an upgrade:
apache2 2.4.10-10+deb8u7
apache2.2-bin 2.4.10-10+deb8u7
apache2.2-common 2.4.10-10+deb8u7
apache2-bin 2.4.10-10+deb8u7
apache2-data 2.4.10-10+deb8u7
apache2-mpm-prefork 2.4.10-10+deb8u7
apache2-utils 2.4.10-10+deb8u7
base-files 8+deb8u6
clamav 0.99.2+dfsg-0+deb8u2
clamav-base 0.99.2+dfsg-0+deb8u2
clamav-daemon 0.99.2+dfsg-0+deb8u2
clamav-freshclam 0.99.2+dfsg-0+deb8u2
clamdscan 0.99.2+dfsg-0+deb8u2
comerr-dev 2.1-1.42.12-2
e2fslibs 1.42.12-2
e2fsprogs 1.42.12-2
file 1:5.22+15-2+deb8u2
gnupg 1.4.18-7+deb8u3
gnupg2 2.0.26-6+deb8u1
gnupg-agent 2.0.26-6+deb8u1
gpgv 1.4.18-7+deb8u3
libc6 2.19-18+deb8u6
libc6-dev 2.19-18+deb8u6
libc-bin 2.19-18+deb8u6
libc-dev-bin 2.19-18+deb8u6
libclamav7 0.99.2+dfsg-0+deb8u2
libcomerr2 1.42.12-2
libltdl7 2.4.2-1.11+b1
libmagic1 1:5.22+15-2+deb8u2
libmilter1.0.1 8.14.4-8+deb8u1
libnet-ssleay-perl 1.65-1+deb8u1
libpam-systemd 215-17+deb8u5
libpython2.7 2.7.9-2+deb8u1
libpython2.7-dev 2.7.9-2+deb8u1
libpython2.7-minimal 2.7.9-2+deb8u1
libpython2.7-stdlib 2.7.9-2+deb8u1
libruby2.1 2.1.5-2+deb8u3
libsqlite3-0 3.8.7.1-1+deb8u2
libss2 1.42.12-2
libssl1.0.0 1.0.1t-1+deb8u3
libssl-dev 1.0.1t-1+deb8u3
libssl-doc 1.0.1t-1+deb8u3
libsystemd0 215-17+deb8u5
libudev1 215-17+deb8u5
libunbound2 1.4.22-3+deb8u2
libxml2 2.9.1+dfsg1-5+deb8u3
locales 2.19-18+deb8u6
multiarch-support 2.19-18+deb8u6
nscd 2.19-18+deb8u6
openssl 1.0.1t-1+deb8u3
python2.7 2.7.9-2+deb8u1
python2.7-dev 2.7.9-2+deb8u1
python2.7-minimal 2.7.9-2+deb8u1
sqlite3 3.8.7.1-1+deb8u2
systemd 215-17+deb8u5
systemd-sysv 215-17+deb8u5
udev 215-17+deb8u5
vorbis-tools 1.4.0-6+deb8u1
wget 1.16-1+deb8u1
========================================================================
Package Details:
Reading changelogs...
--- Changes for libtool (libltdl7) ---
libtool (2.4.2-1.11+b1) jessie; urgency=low, binary-only=yes
* Binary-only non-maintainer upload for amd64; no source changes.
* Rebuild with current automake
-- amd64 Build Daemon (binet) <buildd-binet(a)buildd.debian.org> Tue, 14 Oct 2014 19:21:11 +0200
--- Changes for file (file libmagic1) ---
file (1:5.22+15-2+deb8u2) stable; urgency=high
* Fix CVE-2015-8865:
Buffer over-write in finfo_open with malformed magic file.
-- Christoph Biedl <debian.axhn(a)manchmal.in-ulm.de> Mon, 09 May 2016 08:18:53 +0200
--- Changes for apache2 (apache2 apache2.2-bin apache2.2-common apache2-bin apache2-data apache2-mpm-prefork apache2-utils) ---
apache2 (2.4.10-10+deb8u7) jessie; urgency=medium
* Fix installation of /lib/systemd/system/apache2.service.d/forking.conf.
-- Julien Cristau <jcristau(a)debian.org> Thu, 15 Sep 2016 22:42:19 +0200
apache2 (2.4.10-10+deb8u6) jessie; urgency=medium
* Fix race condition and logical error in init script. Thanks to Thomas
Stangner for the patch. Closes: #822144
* Remove links to manpages.debian.org in default index.html to avoid
broken robots doing a DoS on the site. Closes: #821313
* mod_socache_memcache: Increase idle timeout to 15s to allow keep-alive
connections. Closes: #803035
* mod_proxy_fcgi: Fix wrong behavior with 304 responses. Closes: #827472
* Correct systemd-sysv-generator behavior by customizing some parameters.
This fixes 'systemctl status' returning incorrect results.
Closes: #827444
* mod_proxy_html: Add missing config file mods-available/proxy_html.conf.
This is intentionally not enabled during upgrade, to make it less
likely to break existing setups. It will be enabled by a a2dismod/a2enmod
cycle, though. Closes: #827258
-- Stefan Fritsch <sf(a)debian.org> Sun, 07 Aug 2016 12:58:11 +0200
--- Changes for clamav (clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav7) ---
clamav (0.99.2+dfsg-0+deb8u2) stable; urgency=medium
* Don't fail if AllowSupplementaryGroups is still set in the config file but
ignore it and continue (Closes: #826406).
-- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Mon, 06 Jun 2016 22:06:52 +0200
--- Changes for e2fsprogs (comerr-dev e2fslibs e2fsprogs libcomerr2 libss2) ---
e2fsprogs (1.42.12-2) jessie; urgency=medium
* NMU acknowledge (closes: #778948)
* Disable prompts for time skew which is fudged in e2fsck (closes: #812141)
* Fix potential corruption of Hurd file systems by e2fsck
* Fix pointer bugs that could cause crashes in e2fsck and resize2fs
-- Theodore Y. Ts'o <tytso(a)mit.edu> Sat, 04 Jun 2016 11:58:06 -0400
--- Changes for glibc (libc6 libc6-dev libc-bin libc-dev-bin locales multiarch-support nscd) ---
glibc (2.19-18+deb8u6) stable; urgency=medium
* Update from upstream stable branch:
- Fix backtrace hang on armel/armhf, possibly causing a minor
denial-of-service vulnerability (CVE-2016-6323). Closes: #834752.
- Fix open and openat functions with O_TMPFILE. Closes: #832521.
- Drop debian/patches/any/cvs-ld_pointer_guard.diff (merged upstream).
- Drop debian/patches/any/cvs-mangle-tls_dtor_list.diff (merged upstream).
- Drop debian/patches/any/cvs-strxfrm-buffer-overflows.diff (merged
upstream).
* debian/patches/any/submitted-resolv-ipv6-nameservers.diff: replace by
patch cvs-resolv-ipv6-nameservers.diff taken from upstream. This fixes
mtr on systems using only IPv6 nameservers. Closes: #818281.
-- Aurelien Jarno <aurel32(a)debian.org> Sat, 03 Sep 2016 22:39:43 +0200
glibc (2.19-18+deb8u5) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Drop debian/patches/any/local-CVE-2015-7547.diff.
- Refresh debian/patches/any/cvs-resolv-first-query-failure.diff.
- Fix assertion failure with unconnectable name server addresses.
(regression introduced by CVE-2015-7547). Closes: #816669.
- Fix *context functions on s390x.
- Fix a buffer overflow in the glob function (CVE-2016-1234).
- Fix a stack overflow in nss_dns_getnetbyname_r (CVE-2016-3075).
- Fix a stack overflow in getaddrinfo function (CVE-2016-3706).
- Fix a stack overflow in Sun RPC clntudp_call() (CVE-2016-4429).
-- Aurelien Jarno <aurel32(a)debian.org> Wed, 13 Jul 2016 00:03:52 +0200
--- Changes for gnupg (gnupg gpgv) ---
gnupg (1.4.18-7+deb8u3) jessie; urgency=medium
* Non-maintainer with maintainers approval.
* gpgv: Tweak default options for extra security
* g10: Fix checking key for signature validation
-- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 18 Aug 2016 07:13:19 +0200
--- Changes for gnupg2 (gnupg2 gnupg-agent) ---
gnupg2 (2.0.26-6+deb8u1) jessie; urgency=medium
* Non-maintainer with maintainers approval.
* gpgv: Tweak default options for extra security
* g10: Fix checking key for signature validation
-- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 04 Aug 2016 22:22:42 +0200
--- Changes for libnet-ssleay-perl ---
libnet-ssleay-perl (1.65-1+deb8u1) jessie; urgency=medium
* Team upload.
* Fix FTBFS: apply patch to disable test 33_x509_create_cert.t which fails
with openssl 1.0.1t-1+deb8u1 (Closes: #789344)
-- Dominic Hargreaves <dom(a)earth.li> Sat, 11 Jun 2016 22:02:20 +0100
--- Changes for libxml2 ---
libxml2 (2.9.1+dfsg1-5+deb8u3) jessie; urgency=medium
* Non-maintainer upload.
* Fix a problem unparsing URIs without a host part like qemu:///system.
This unbreaks libvirt, libsys-virt-perl and others (Closes: #781232)
-- Salvatore Bonaccorso <carnil(a)debian.org> Tue, 14 Jun 2016 20:20:41 +0200
--- Changes for openssl (libssl1.0.0 libssl-dev libssl-doc openssl) ---
openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
[ Kurt Roeckx ]
* Fix length check for CRLs. (Closes: #826552)
[ Sebastian Andrzej Siewior ]
* Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
(Closes: #833156).
-- Kurt Roeckx <kurt(a)roeckx.be> Sat, 11 Jun 2016 19:18:11 +0200
--- Changes for python2.7 (libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib python2.7 python2.7-dev python2.7-minimal) ---
python2.7 (2.7.9-2+deb8u1) jessie; urgency=medium
* Backport upstream commit b3ce713fb9beebfff9848cefa0acbd59acc68fe9
to address StartTLS stripping attack in smtplib (CVE-2016-0772)
* Backport upstream commit 985fc64c60d6adffd1138b6cc46df388ca91ca5d
to address integer overflow in zipimporter (CVE-2016-5636)
* Backport upstream commit 1c45047c51020d46246385949d5c02e026d47320
to address HTTP header injection (CVE-2016-5699)
-- Moritz Mühlenhoff <jmm(a)debian.org> Wed, 29 Jun 2016 00:02:23 +0200
--- Changes for sendmail (libmilter1.0.1) ---
sendmail (8.14.4-8+deb8u1) jessie; urgency=medium
* QA upload.
* Cherry-pick some patches from RHEL 6: RHBA-2015:1299-3
* sendmail-8.14.4-client-port.patch: sendmail {client_port} not set
correctly on little endian machines (8.15.1).
* sendmail-8.14.4-ldap-fix.patch: do not abort with an assertion if the
connection to an LDAP server is lost (8.14.5). (Closes: #826120)
-- Andreas Beckmann <anbe(a)debian.org> Thu, 30 Jun 2016 19:44:19 +0200
--- Changes for sqlite3 (libsqlite3-0 sqlite3) ---
sqlite3 (3.8.7.1-1+deb8u2) jessie; urgency=medium
* Fix CVE-2016-6153, Tempdir Selection Vulnerability.
* Backport fix for segfault following heavy SAVEPOINT usage
(closes: #835205).
-- Laszlo Boszormenyi (GCS) <gcs(a)debian.org> Thu, 25 Aug 2016 16:10:24 +0000
--- Changes for systemd (libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev) ---
systemd (215-17+deb8u5) stable; urgency=medium
* Use the right timeout for stop processes we fork. This ensures that
services are properly killed after a given timeout. (Closes: #813702)
* Don't reset log level to NOTICE if we get quiet on the kernel cmdline.
(Closes: #828006)
* Fix prepare priority queue comparison function in sd-event.
Otherwise a disabled event source can get swapped with an enabled one
and cause a severe sd-event malfunction, breaking the event loop.
(Closes: #789796)
* Update links to kernel.org cgroup documentation.
The systemd.resource-control man page had references to /cgroups/ which
moved to /cgroup-v1/. (Closes: #819970)
* Don't start console-getty.service when /dev/console is missing.
Avoids repeated unsuccessful start attempts of agetty inside (docker)
containers. (Closes: #829537)
* Order systemd-user-sessions.service after nss-user-lookup.target. We
should not allow logins before NIS/LDAP users are available.
* Order systemd-user-sessions.service after network.target. That way we can
be sure that local users are logged out and SSH sessions are ended cleanly
before the network is shut down when the system goes down.
-- Michael Biebl <biebl(a)debian.org> Sun, 24 Jul 2016 18:55:54 +0200
--- Changes for unbound (libunbound2) ---
unbound (1.4.22-3+deb8u2) jessie; urgency=medium
* debian/unbound.init: Add "pidfile" magic comment (Closes: #807132)
* debian/unbound.init: Call start-stop-daemon with --retry for 'stop'
action (patch from Julien Cristau)
-- Robert Edmonds <edmonds(a)debian.org> Mon, 04 Jul 2016 15:58:01 -0400
--- Changes for wget ---
wget (1.16-1+deb8u1) jessie; urgency=medium
* added patch for CVE-2016-4971. closes: #827003, #829130
By default, on server redirects to a FTP resource, use the original
URL to get the local file name. Close CVE-2016-4971. This
introduces a backward-incompatibility for HTTP->FTP redirects and
any script that relies on the old behaviour must use
--trust-server-names.
* debian/rules fixed clean target
-- Noël Köthe <noel(a)debian.org> Mon, 04 Jul 2016 18:37:47 +0200
--- Changes for base-files ---
base-files (8+deb8u6) stable; urgency=low
* Changed /etc/debian_version to 8.6, for Debian 8.6 point release.
-- Santiago Vila <sanvila(a)debian.org> Sun, 04 Sep 2016 12:52:06 +0200
--- Changes for ruby2.1 (libruby2.1) ---
ruby2.1 (2.1.5-2+deb8u3) jessie; urgency=low
* Non-maintainer upload to fix security problem.
* Fix CVE-2009-5147: DL::dlopen should not open a library with
tainted library name in safe mode (Closes: #796344). Based on
patch used in DLA-299-1, which was pulled from upstream.
* Fix CVE-2015-7551: Fiddle handles should not call functions with
tainted function names (Closes: #796344). Patch pulled from
upstream.
-- Petter Reinholdtsen <pere(a)debian.org> Tue, 07 Jun 2016 11:00:04 +0200
--- Changes for vorbis-tools ---
vorbis-tools (1.4.0-6+deb8u1) jessie; urgency=low
[ Petter Reinholdtsen ]
* Add gbp.conf file documenting git branch to use for updates to Jessie.
* oggenc: Fix large alloca on bad AIFF input to oggenc (CVE-2015-6749).
(Closes: 797461)
* oggenc: Validate count of channels in the header (CVE-2014-9638, CVE-2014-9639).
(Closes: 776086)
[ Martin Steghöfer ]
* Fix segmentation fault in vcut (Closes: #818037)
-- Petter Reinholdtsen <pere(a)debian.org> Thu, 09 Jun 2016 12:18:49 +0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
hexagon.federez.net
--
apticron