Debian 9858 Published by

The sixth update of Debian 8 has been released



------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.6 released press@debian.org
September 17th, 2016 https://www.debian.org/News/2016/20160917
------------------------------------------------------------------------


The Debian project is pleased to announce the sixth update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bug Fixes
-----------------------

This stable update adds a few important corrections to the following
packages:

+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| adblock-plus [1] | New upstream release, compatible with |
| | firefox-esr |
| | |
| apache2 [2] | Fix race condition and logical error in |
| | init script; remove links to |
| | manpages.debian.org in default |
| | index.html; mod_socache_memcache: |
| | Increase idle timeout to 15s to allow |
| | keep-alive connections; mod_proxy_fcgi: |
| | Fix wrong behaviour with 304 responses; |
| | correct systemd-sysv-generator behaviour; |
| | mod_proxy_html: Add missing config file |
| | mods-available/proxy_html.conf |
| | |
| audiofile [3] | Fix buffer overflow when changing both |
| | sample format and number of channels |
| | [CVE-2015-7747] |
| | |
| automake-1.14 [4] | Avoid insecure use of /tmp/ in install-sh |
| | |
| backintime [5] | Add missing dependency on python-dbus |
| | |
| backuppc [6] | Fix regressions from samba update to 4.2 |
| | |
| base-files [7] | Update for the point release |
| | |
| biber [8] | Fix breakage triggered by point release |
| | update of perl |
| | |
| cacti [9] | Fix sql injection in tree.php [CVE-2016- |
| | 3172] and graph_view.php [CVE-2016-3659]; |
| | fix authentication bypass [CVE-2016-2313] |
| | |
| ccache [10] | Upstream bug-fix release |
| | |
| clamav [11] | Don't fail if AllowSupplementaryGroups is |
| | still set in the configuration file |
| | |
| cmake [12] | Fix FindOpenSSL module to detect OpenSSL |
| | 1.0.1t |
| | |
| conkeror [13] | Support Firefox 44 and later |
| | |
| debian-edu-config [14] | Move from Iceweasel to Firefox ESR; |
| | adjust ldap-tools/ldap-debian-edu-install |
| | to be compliant with systemd now that |
| | unit samba.service is masked; dhclient- |
| | exit-hooks.d/hostname: adjust for the |
| | case of a dedicated LTSP server; adjust |
| | cf.krb5client to ensure that cfengine |
| | runs are idempotent; move code to |
| | cleanup /usr/share/pam-configs/krb5 |
| | diversion from postinst to preinst to |
| | ease upgrades from old wheezy |
| | installations; don't purge libnss-mdns as |
| | cups now needs mdns for automatic printer |
| | detection |
| | |
| debian-edu-doc [15] | Update Debian Edu jessie and wheezy |
| | manuals from the wiki |
| | |
| debian-installer [16] | Rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild for the point release |
| netboot-images [17] | |
| | |
| debian-security- | Update included support data; add support |
| support [18] | for marking packages as losing support at |
| | a future date |
| | |
| dietlibc [19] | Fix insecure default PATH |
| | |
| dwarfutils [20] | Security fixes [CVE-2015-8538 CVE-2015- |
| | 8750 CVE-2016-2050 CVE-2016-2091 |
| | CVE-2016-5034 CVE-2016-5036 CVE-2016-5038 |
| | CVE-2016-5039 CVE-2016-5042] |
| | |
| e2fsprogs [21] | Disable prompts for time skew which is |
| | fudged in e2fsck; fix potential |
| | corruption of Hurd file systems by |
| | e2fsck, pointer bugs that could cause |
| | crashes in e2fsck and resize2fs |
| | |
| exim4 [22] | Fix cutthrough bug with body lines having |
| | a single dot; fix crash on "exim -be '$ |
| | {if crypteq{xxx}{\$aaa}{yes}{no}}'" ; |
| | improve NEWS file; backport missing |
| | upstream patch to actually make |
| | $initial_cwd expansion work |
| | |
| file [23] | Fix buffer over-write in finfo_open with |
| | malformed magic file [CVE-2015-8865] |
| | |
| firegestures [24] | New upstream release, compatible with |
| | firefox-esr |
| | |
| flashplugin- | Update-flashplugin-nonfree: Delete old |
| nonfree [25] | get-upstream-version.pl from cache |
| | |
| fusionforge [26] | Remove dependency on Mediawiki plugin |
| | from fusionforge-full metapackage |
| | |
| gdcm [27] | Fix integer overflow [CVE-2015-8396] and |
| | denial of service [CVE-2015-8397] |
| | |
| glibc [28] | Fix assertion failure with unconnectable |
| | name server addresses (regression |
| | introduced by CVE-2015-7547 fix); fix |
| | *context functions on s390x; fix a buffer |
| | overflow in the glob function [CVE-2016- |
| | 1234], a stack overflow in |
| | nss_dns_getnetbyname_r [CVE-2016-3075], a |
| | stack overflow in getaddrinfo function |
| | [CVE-2016-3706], a stack overflow in Sun |
| | RPC clntudp_call() [CVE-2016-4429]; |
| | update from upstream stable branch; fix |
| | open and openat functions with O_TMPFILE; |
| | fix backtrace hang on armel/armhf, |
| | possibly causing a minor denial of |
| | service vulnerability [CVE-2016-6323]; |
| | fix mtr on systems using only IPv6 |
| | nameservers |
| | |
| gnome-maps [29] | New upstream release; use the Mapbox tile |
| | server, instead of the no longer |
| | supported MapQuest server |
| | |
| gnome-sudoku [30] | Don't generate the same puzzle sequence |
| | every time |
| | |
| gnupg [31] | gpgv: Tweak default options for extra |
| | security; g10: Fix checking key for |
| | signature validation |
| | |
| gnupg2 [32] | gpgv: Tweak default options for extra |
| | security; g10: Fix checking key for |
| | signature validation |
| | |
| greasemonkey [33] | New upstream release, compatible with |
| | firefox-esr |
| | |
| intel-microcode [34] | New upstream release |
| | |
| jakarta-jmeter [35] | Really install the templates; fix an |
| | error with libxstream-java >= 1.4.9 when |
| | loading the templates |
| | |
| javatools [36] | Return correct architecture string for |
| | ppc64el in java-arch.sh |
| | |
| kamailio [37] | Fix libssl version check |
| | |
| libbusiness-creditcard- | Adjust to changes in credit card ranges |
| perl [38] | and processing of various companies |
| | |
| libcss-dom-perl [39] | Work around Encode changes included in |
| | perl and libencode-perl stable updates |
| | |
| libdatetime-timezone- | Update included data to 2016e; new |
| perl [40] | upstream release |
| | |
| libdevel-declare- | Fix breakage caused by change in perl |
| perl [41] | stable update |
| | |
| libnet-ssleay-perl [42] | Fix build failure with openssl |
| | 1.0.1t-1+deb8u1 |
| | |
| libquota-perl [43] | Adapt platform detection to work with |
| | Linux 4.x |
| | |
| libtool [44] | Fix multi-arch co-installability [amd64 |
| | i386] |
| | |
| libxml2 [45] | Fix a problem unparsing URIs without a |
| | host part like qemu:///system; this |
| | unbreaks libvirt, libsys-virt-perl and |
| | others |
| | |
| linux [46] | New upstream stable release |
| | |
| lxc [47] | Make sure stretch/sid containers have an |
| | init system, after init 1.34 dropped the |
| | 'Essential: yes' header |
| | |
| mariadb-10.0 [48] | New upstream release, including security |
| | fix [CVE-2016-6662] |
| | |
| mozilla-noscript [49] | New upstream release, compatible with |
| | firefox-esr |
| | |
| nullmailer [50] | Do not keep relayhost data in debconf |
| | database longer than strictly needed |
| | |
| open-iscsi [51] | Init script: wait a bit after iSCSI |
| | devices have appeared, working around a |
| | race condition in which dependent devices |
| | can appear only after the initial udev |
| | settle has returned; open-iscsi-udeb: |
| | update initramfs after copying |
| | configuration to target system |
| | |
| openssl [52] | Fix length check for CRLs; enable asm |
| | optimisation for s390x |
| | |
| ovirt-guest-agent [53] | Install ovirt-guest-agent.py executable; |
| | change owner of log directory to |
| | ovirtagent in postinst |
| | |
| piuparts [54] | Fix build failure (don't test the current |
| | Debian release status, tracking that is |
| | distro-info-data's problem) |
| | |
| policykit-1 [55] | Several bug-fixes: fix heap corruption |
| | [CVE-2015-3255], local authenticated |
| | denial of service [CVE-2015-4625] and |
| | issue with invalid object paths in |
| | RegisterAuthenticationAgent [CVE-2015- |
| | 3218] |
| | |
| publicsuffix [56] | New upstream release |
| | |
| pypdf2 [57] | Fix infinite loop in readObject() |
| | function |
| | |
| python-django [58] | Bug-fix update to 1.7.11 |
| | |
| python2.7 [59] | Address StartTLS stripping attack in |
| | smtplib [CVE-2016-0772], integer overflow |
| | in zipimporter [CVE-2016-5636], HTTP |
| | header injection [CVE-2016-5699] |
| | |
| quassel [60] | Fix remote DoS in quassel core with |
| | invalid handshake data [CVE-2016-4414] |
| | |
| ruby-eventmachine [61] | Fix remotely triggerable crash due to FD |
| | handling |
| | |
| ruby2.1 [62] | dl::dlopen should not open a library with |
| | tainted library name in safe mode |
| | [CVE-2009-5147]; Fiddle handles should |
| | not call functions with tainted function |
| | names [CVE-2015-7551] |
| | |
| sendmail [63] | Do not abort with an assertion if the |
| | connection to an LDAP server is lost; |
| | ensure sendmail {client_port} is set |
| | correctly on little endian machines |
| | |
| sqlite3 [64] | Fix tempdir selection vulnerability |
| | [CVE-2016-6153], segfault following heavy |
| | SAVEPOINT usage |
| | |
| systemd [65] | Use the right timeout for stop processes |
| | we fork; don't reset log level to NOTICE |
| | if we get quiet on the kernel cmdline; |
| | fix prepare priority queue comparison |
| | function in sd-event; update links to |
| | kernel.org cgroup documentation; don't |
| | start console-getty.service when /dev/ |
| | console is missing; order systemd-user- |
| | sessions.service after nss-user- |
| | lookup.target and network.target |
| | |
| tabmixplus [66] | New upstream release, compatible with |
| | firefox-esr |
| | |
| tcpreplay [67] | Handle frames of 65535 octets size, add a |
| | size check [CVE-2016-6160] |
| | |
| tor [68] | Update the set of authority directory |
| | servers |
| | |
| tzdata [69] | New upstream release; update to 2016e |
| | |
| unbound [70] | Init script fixes: add "pidfile" magic |
| | comment; call start-stop-daemon with -- |
| | retry for 'stop' action |
| | |
| util-vserver [71] | Rebuild against dietlibc |
| | 0.33~cvs20120325-6+deb8u1, fixing |
| | insecure default PATH |
| | |
| vorbis-tools [72] | Fix large alloca on bad AIFF input to |
| | oggenc [CVE-2015-6749], Validate count of |
| | channels in the header [CVE-2014-9638 |
| | CVE-2014-9639], fix segmentation fault in |
| | vcut |
| | |
| vtk [73] | Rebuild to fix Java paths [ppc64el] |
| | |
| wget [74] | By default, on server redirects to a FTP |
| | resource, use the original URL to get the |
| | local file name [CVE-2016-4971] |
| | |
| wpa [75] | Security updates relating to invalid |
| | characters [CVE-2016-4476, CVE-2016-4477] |
| | |
| yaws [76] | Fix HTTP_PROXY cgi env injection |
| | [CVE-2016-1000108] |
| | |
| zabbix [77] | Fix mysql.size shell command injection in |
| | zabbix-agent [CVE-2016-4338] |
| | |
+-------------------------+-------------------------------------------+

1: https://packages.debian.org/src:adblock-plus
2: https://packages.debian.org/src:apache2
3: https://packages.debian.org/src:audiofile
4: https://packages.debian.org/src:automake-1.14
5: https://packages.debian.org/src:backintime
6: https://packages.debian.org/src:backuppc
7: https://packages.debian.org/src:base-files
8: https://packages.debian.org/src:biber
9: https://packages.debian.org/src:cacti
10: https://packages.debian.org/src:ccache
11: https://packages.debian.org/src:clamav
12: https://packages.debian.org/src:cmake
13: https://packages.debian.org/src:conkeror
14: https://packages.debian.org/src:debian-edu-config
15: https://packages.debian.org/src:debian-edu-doc
16: https://packages.debian.org/src:debian-installer
17: https://packages.debian.org/src:debian-installer-netboot-images
18: https://packages.debian.org/src:debian-security-support
19: https://packages.debian.org/src:dietlibc
20: https://packages.debian.org/src:dwarfutils
21: https://packages.debian.org/src:e2fsprogs
22: https://packages.debian.org/src:exim4
23: https://packages.debian.org/src:file
24: https://packages.debian.org/src:firegestures
25: https://packages.debian.org/src:flashplugin-nonfree
26: https://packages.debian.org/src:fusionforge
27: https://packages.debian.org/src:gdcm
28: https://packages.debian.org/src:glibc
29: https://packages.debian.org/src:gnome-maps
30: https://packages.debian.org/src:gnome-sudoku
31: https://packages.debian.org/src:gnupg
32: https://packages.debian.org/src:gnupg2
33: https://packages.debian.org/src:greasemonkey
34: https://packages.debian.org/src:intel-microcode
35: https://packages.debian.org/src:jakarta-jmeter
36: https://packages.debian.org/src:javatools
37: https://packages.debian.org/src:kamailio
38: https://packages.debian.org/src:libbusiness-creditcard-perl
39: https://packages.debian.org/src:libcss-dom-perl
40: https://packages.debian.org/src:libdatetime-timezone-perl
41: https://packages.debian.org/src:libdevel-declare-perl
42: https://packages.debian.org/src:libnet-ssleay-perl
43: https://packages.debian.org/src:libquota-perl
44: https://packages.debian.org/src:libtool
45: https://packages.debian.org/src:libxml2
46: https://packages.debian.org/src:linux
47: https://packages.debian.org/src:lxc
48: https://packages.debian.org/src:mariadb-10.0
49: https://packages.debian.org/src:mozilla-noscript
50: https://packages.debian.org/src:nullmailer
51: https://packages.debian.org/src:open-iscsi
52: https://packages.debian.org/src:openssl
53: https://packages.debian.org/src:ovirt-guest-agent
54: https://packages.debian.org/src:piuparts
55: https://packages.debian.org/src:policykit-1
56: https://packages.debian.org/src:publicsuffix
57: https://packages.debian.org/src:pypdf2
58: https://packages.debian.org/src:python-django
59: https://packages.debian.org/src:python2.7
60: https://packages.debian.org/src:quassel
61: https://packages.debian.org/src:ruby-eventmachine
62: https://packages.debian.org/src:ruby2.1
63: https://packages.debian.org/src:sendmail
64: https://packages.debian.org/src:sqlite3
65: https://packages.debian.org/src:systemd
66: https://packages.debian.org/src:tabmixplus
67: https://packages.debian.org/src:tcpreplay
68: https://packages.debian.org/src:tor
69: https://packages.debian.org/src:tzdata
70: https://packages.debian.org/src:unbound
71: https://packages.debian.org/src:util-vserver
72: https://packages.debian.org/src:vorbis-tools
73: https://packages.debian.org/src:vtk
74: https://packages.debian.org/src:wget
75: https://packages.debian.org/src:wpa
76: https://packages.debian.org/src:yaws
77: https://packages.debian.org/src:zabbix

The "mariadb-10.0" package failed to build on the powerpc architecture,
but has been included in the point release to allow quicker release of
the fix for CVE-2016-6662, which had not been disclosed at the time of
the upload. If a fix for the build failure becomes available before the
next mariadb-10.0 DSA, an updated package may be released via "jessie-
updates".


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+----------------------------------+
| Advisory ID | Package |
+----------------+----------------------------------+
| DSA-3548 [78] | samba [79] |
| | |
| DSA-3548 [80] | talloc [81] |
| | |
| DSA-3548 [82] | tdb [83] |
| | |
| DSA-3548 [84] | tevent [85] |
| | |
| DSA-3548 [86] | ldb [87] |
| | |
| DSA-3565 [88] | monotone [89] |
| | |
| DSA-3588 [90] | symfony [91] |
| | |
| DSA-3589 [92] | gdk-pixbuf [93] |
| | |
| DSA-3590 [94] | chromium-browser [95] |
| | |
| DSA-3591 [96] | imagemagick [97] |
| | |
| DSA-3592 [98] | nginx [99] |
| | |
| DSA-3593 [100] | libxml2 [101] |
| | |
| DSA-3594 [102] | chromium-browser [103] |
| | |
| DSA-3595 [104] | mariadb-10.0 [105] |
| | |
| DSA-3596 [106] | spice [107] |
| | |
| DSA-3597 [108] | expat [109] |
| | |
| DSA-3598 [110] | vlc [111] |
| | |
| DSA-3599 [112] | p7zip [113] |
| | |
| DSA-3600 [114] | firefox-esr [115] |
| | |
| DSA-3602 [116] | php5 [117] |
| | |
| DSA-3603 [118] | libav [119] |
| | |
| DSA-3604 [120] | drupal7 [121] |
| | |
| DSA-3605 [122] | libxslt [123] |
| | |
| DSA-3606 [124] | libpdfbox-java [125] |
| | |
| DSA-3607 [126] | linux [127] |
| | |
| DSA-3608 [128] | libreoffice [129] |
| | |
| DSA-3609 [130] | tomcat8 [131] |
| | |
| DSA-3610 [132] | xerces-c [133] |
| | |
| DSA-3611 [134] | libcommons-fileupload-java [135] |
| | |
| DSA-3612 [136] | gimp [137] |
| | |
| DSA-3613 [138] | libvirt [139] |
| | |
| DSA-3614 [140] | tomcat7 [141] |
| | |
| DSA-3615 [142] | wireshark [143] |
| | |
| DSA-3616 [144] | linux [145] |
| | |
| DSA-3617 [146] | horizon [147] |
| | |
| DSA-3618 [148] | php5 [149] |
| | |
| DSA-3619 [150] | libgd2 [151] |
| | |
| DSA-3620 [152] | pidgin [153] |
| | |
| DSA-3621 [154] | mysql-connector-java [155] |
| | |
| DSA-3622 [156] | python-django [157] |
| | |
| DSA-3623 [158] | apache2 [159] |
| | |
| DSA-3624 [160] | mysql-5.5 [161] |
| | |
| DSA-3625 [162] | squid3 [163] |
| | |
| DSA-3626 [164] | openssh [165] |
| | |
| DSA-3627 [166] | phpmyadmin [167] |
| | |
| DSA-3628 [168] | libunicode-linebreak-perl [169] |
| | |
| DSA-3628 [170] | debhelper [171] |
| | |
| DSA-3628 [172] | libmime-encwords-perl [173] |
| | |
| DSA-3628 [174] | perl [175] |
| | |
| DSA-3628 [176] | libsys-syslog-perl [177] |
| | |
| DSA-3628 [178] | libmodule-build-perl [179] |
| | |
| DSA-3628 [180] | libnet-dns-perl [181] |
| | |
| DSA-3628 [182] | libintl-perl [183] |
| | |
| DSA-3628 [184] | cdbs [185] |
| | |
| DSA-3628 [186] | libmime-charset-perl [187] |
| | |
| DSA-3628 [188] | devscripts [189] |
| | |
| DSA-3628 [190] | exim4 [191] |
| | |
| DSA-3629 [192] | ntp [193] |
| | |
| DSA-3630 [194] | libgd2 [195] |
| | |
| DSA-3631 [196] | php5 [197] |
| | |
| DSA-3632 [198] | mariadb-10.0 [199] |
| | |
| DSA-3633 [200] | xen [201] |
| | |
| DSA-3634 [202] | redis [203] |
| | |
| DSA-3635 [204] | libdbd-mysql-perl [205] |
| | |
| DSA-3637 [206] | chromium-browser [207] |
| | |
| DSA-3638 [208] | curl [209] |
| | |
| DSA-3639 [210] | wordpress [211] |
| | |
| DSA-3640 [212] | firefox-esr [213] |
| | |
| DSA-3641 [214] | openjdk-7 [215] |
| | |
| DSA-3642 [216] | lighttpd [217] |
| | |
| DSA-3643 [218] | kde4libs [219] |
| | |
| DSA-3644 [220] | fontconfig [221] |
| | |
| DSA-3645 [222] | chromium-browser [223] |
| | |
| DSA-3646 [224] | postgresql-9.4 [225] |
| | |
| DSA-3647 [226] | icedove [227] |
| | |
| DSA-3648 [228] | wireshark [229] |
| | |
| DSA-3649 [230] | gnupg [231] |
| | |
| DSA-3650 [232] | libgcrypt20 [233] |
| | |
| DSA-3651 [234] | rails [235] |
| | |
| DSA-3652 [236] | imagemagick [237] |
| | |
| DSA-3653 [238] | flex [239] |
| | |
| DSA-3653 [240] | bogofilter [241] |
| | |
| DSA-3654 [242] | quagga [243] |
| | |
| DSA-3655 [244] | mupdf [245] |
| | |
| DSA-3656 [246] | tryton-server [247] |
| | |
| DSA-3657 [248] | libarchive [249] |
| | |
| DSA-3658 [250] | libidn [251] |
| | |
| DSA-3659 [252] | linux [253] |
| | |
| DSA-3660 [254] | chromium-browser [255] |
| | |
| DSA-3661 [256] | charybdis [257] |
| | |
| DSA-3662 [258] | inspircd [259] |
| | |
| DSA-3663 [260] | xen [261] |
| | |
| DSA-3664 [262] | pdns [263] |
| | |
+----------------+----------------------------------+

78: https://www.debian.org/security/2016/dsa-3548
79: https://packages.debian.org/src:samba
80: https://www.debian.org/security/2016/dsa-3548
81: https://packages.debian.org/src:talloc
82: https://www.debian.org/security/2016/dsa-3548
83: https://packages.debian.org/src:tdb
84: https://www.debian.org/security/2016/dsa-3548
85: https://packages.debian.org/src:tevent
86: https://www.debian.org/security/2016/dsa-3548
87: https://packages.debian.org/src:ldb
88: https://www.debian.org/security/2016/dsa-3565
89: https://packages.debian.org/src:monotone
90: https://www.debian.org/security/2016/dsa-3588
91: https://packages.debian.org/src:symfony
92: https://www.debian.org/security/2016/dsa-3589
93: https://packages.debian.org/src:gdk-pixbuf
94: https://www.debian.org/security/2016/dsa-3590
95: https://packages.debian.org/src:chromium-browser
96: https://www.debian.org/security/2016/dsa-3591
97: https://packages.debian.org/src:imagemagick
98: https://www.debian.org/security/2016/dsa-3592
99: https://packages.debian.org/src:nginx
100: https://www.debian.org/security/2016/dsa-3593
101: https://packages.debian.org/src:libxml2
102: https://www.debian.org/security/2016/dsa-3594
103: https://packages.debian.org/src:chromium-browser
104: https://www.debian.org/security/2016/dsa-3595
105: https://packages.debian.org/src:mariadb-10.0
106: https://www.debian.org/security/2016/dsa-3596
107: https://packages.debian.org/src:spice
108: https://www.debian.org/security/2016/dsa-3597
109: https://packages.debian.org/src:expat
110: https://www.debian.org/security/2016/dsa-3598
111: https://packages.debian.org/src:vlc
112: https://www.debian.org/security/2016/dsa-3599
113: https://packages.debian.org/src:p7zip
114: https://www.debian.org/security/2016/dsa-3600
115: https://packages.debian.org/src:firefox-esr
116: https://www.debian.org/security/2016/dsa-3602
117: https://packages.debian.org/src:php5
118: https://www.debian.org/security/2016/dsa-3603
119: https://packages.debian.org/src:libav
120: https://www.debian.org/security/2016/dsa-3604
121: https://packages.debian.org/src:drupal7
122: https://www.debian.org/security/2016/dsa-3605
123: https://packages.debian.org/src:libxslt
124: https://www.debian.org/security/2016/dsa-3606
125: https://packages.debian.org/src:libpdfbox-java
126: https://www.debian.org/security/2016/dsa-3607
127: https://packages.debian.org/src:linux
128: https://www.debian.org/security/2016/dsa-3608
129: https://packages.debian.org/src:libreoffice
130: https://www.debian.org/security/2016/dsa-3609
131: https://packages.debian.org/src:tomcat8
132: https://www.debian.org/security/2016/dsa-3610
133: https://packages.debian.org/src:xerces-c
134: https://www.debian.org/security/2016/dsa-3611
135: https://packages.debian.org/src:libcommons-fileupload-java
136: https://www.debian.org/security/2016/dsa-3612
137: https://packages.debian.org/src:gimp
138: https://www.debian.org/security/2016/dsa-3613
139: https://packages.debian.org/src:libvirt
140: https://www.debian.org/security/2016/dsa-3614
141: https://packages.debian.org/src:tomcat7
142: https://www.debian.org/security/2016/dsa-3615
143: https://packages.debian.org/src:wireshark
144: https://www.debian.org/security/2016/dsa-3616
145: https://packages.debian.org/src:linux
146: https://www.debian.org/security/2016/dsa-3617
147: https://packages.debian.org/src:horizon
148: https://www.debian.org/security/2016/dsa-3618
149: https://packages.debian.org/src:php5
150: https://www.debian.org/security/2016/dsa-3619
151: https://packages.debian.org/src:libgd2
152: https://www.debian.org/security/2016/dsa-3620
153: https://packages.debian.org/src:pidgin
154: https://www.debian.org/security/2016/dsa-3621
155: https://packages.debian.org/src:mysql-connector-java
156: https://www.debian.org/security/2016/dsa-3622
157: https://packages.debian.org/src:python-django
158: https://www.debian.org/security/2016/dsa-3623
159: https://packages.debian.org/src:apache2
160: https://www.debian.org/security/2016/dsa-3624
161: https://packages.debian.org/src:mysql-5.5
162: https://www.debian.org/security/2016/dsa-3625
163: https://packages.debian.org/src:squid3
164: https://www.debian.org/security/2016/dsa-3626
165: https://packages.debian.org/src:openssh
166: https://www.debian.org/security/2016/dsa-3627
167: https://packages.debian.org/src:phpmyadmin
168: https://www.debian.org/security/2016/dsa-3628
169: https://packages.debian.org/src:libunicode-linebreak-perl
170: https://www.debian.org/security/2016/dsa-3628
171: https://packages.debian.org/src:debhelper
172: https://www.debian.org/security/2016/dsa-3628
173: https://packages.debian.org/src:libmime-encwords-perl
174: https://www.debian.org/security/2016/dsa-3628
175: https://packages.debian.org/src:perl
176: https://www.debian.org/security/2016/dsa-3628
177: https://packages.debian.org/src:libsys-syslog-perl
178: https://www.debian.org/security/2016/dsa-3628
179: https://packages.debian.org/src:libmodule-build-perl
180: https://www.debian.org/security/2016/dsa-3628
181: https://packages.debian.org/src:libnet-dns-perl
182: https://www.debian.org/security/2016/dsa-3628
183: https://packages.debian.org/src:libintl-perl
184: https://www.debian.org/security/2016/dsa-3628
185: https://packages.debian.org/src:cdbs
186: https://www.debian.org/security/2016/dsa-3628
187: https://packages.debian.org/src:libmime-charset-perl
188: https://www.debian.org/security/2016/dsa-3628
189: https://packages.debian.org/src:devscripts
190: https://www.debian.org/security/2016/dsa-3628
191: https://packages.debian.org/src:exim4
192: https://www.debian.org/security/2016/dsa-3629
193: https://packages.debian.org/src:ntp
194: https://www.debian.org/security/2016/dsa-3630
195: https://packages.debian.org/src:libgd2
196: https://www.debian.org/security/2016/dsa-3631
197: https://packages.debian.org/src:php5
198: https://www.debian.org/security/2016/dsa-3632
199: https://packages.debian.org/src:mariadb-10.0
200: https://www.debian.org/security/2016/dsa-3633
201: https://packages.debian.org/src:xen
202: https://www.debian.org/security/2016/dsa-3634
203: https://packages.debian.org/src:redis
204: https://www.debian.org/security/2016/dsa-3635
205: https://packages.debian.org/src:libdbd-mysql-perl
206: https://www.debian.org/security/2016/dsa-3637
207: https://packages.debian.org/src:chromium-browser
208: https://www.debian.org/security/2016/dsa-3638
209: https://packages.debian.org/src:curl
210: https://www.debian.org/security/2016/dsa-3639
211: https://packages.debian.org/src:wordpress
212: https://www.debian.org/security/2016/dsa-3640
213: https://packages.debian.org/src:firefox-esr
214: https://www.debian.org/security/2016/dsa-3641
215: https://packages.debian.org/src:openjdk-7
216: https://www.debian.org/security/2016/dsa-3642
217: https://packages.debian.org/src:lighttpd
218: https://www.debian.org/security/2016/dsa-3643
219: https://packages.debian.org/src:kde4libs
220: https://www.debian.org/security/2016/dsa-3644
221: https://packages.debian.org/src:fontconfig
222: https://www.debian.org/security/2016/dsa-3645
223: https://packages.debian.org/src:chromium-browser
224: https://www.debian.org/security/2016/dsa-3646
225: https://packages.debian.org/src:postgresql-9.4
226: https://www.debian.org/security/2016/dsa-3647
227: https://packages.debian.org/src:icedove
228: https://www.debian.org/security/2016/dsa-3648
229: https://packages.debian.org/src:wireshark
230: https://www.debian.org/security/2016/dsa-3649
231: https://packages.debian.org/src:gnupg
232: https://www.debian.org/security/2016/dsa-3650
233: https://packages.debian.org/src:libgcrypt20
234: https://www.debian.org/security/2016/dsa-3651
235: https://packages.debian.org/src:rails
236: https://www.debian.org/security/2016/dsa-3652
237: https://packages.debian.org/src:imagemagick
238: https://www.debian.org/security/2016/dsa-3653
239: https://packages.debian.org/src:flex
240: https://www.debian.org/security/2016/dsa-3653
241: https://packages.debian.org/src:bogofilter
242: https://www.debian.org/security/2016/dsa-3654
243: https://packages.debian.org/src:quagga
244: https://www.debian.org/security/2016/dsa-3655
245: https://packages.debian.org/src:mupdf
246: https://www.debian.org/security/2016/dsa-3656
247: https://packages.debian.org/src:tryton-server
248: https://www.debian.org/security/2016/dsa-3657
249: https://packages.debian.org/src:libarchive
250: https://www.debian.org/security/2016/dsa-3658
251: https://packages.debian.org/src:libidn
252: https://www.debian.org/security/2016/dsa-3659
253: https://packages.debian.org/src:linux
254: https://www.debian.org/security/2016/dsa-3660
255: https://packages.debian.org/src:chromium-browser
256: https://www.debian.org/security/2016/dsa-3661
257: https://packages.debian.org/src:charybdis
258: https://www.debian.org/security/2016/dsa-3662
259: https://packages.debian.org/src:inspircd
260: https://www.debian.org/security/2016/dsa-3663
261: https://packages.debian.org/src:xen
262: https://www.debian.org/security/2016/dsa-3664
263: https://packages.debian.org/src:pdns

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-------------+-----------------------------------+
| Package | Reason |
+-------------+-----------------------------------+
| minit [264] | Unmaintained and outdated |
| | |
| trn [265] | Security issues; replaced by trn4 |
| | |
+-------------+-----------------------------------+

264: https://packages.debian.org/src:minit
265: https://packages.debian.org/src:trn

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/ [266]

266: https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
  Debian GNU/Linux 8.6 released