The thirteenth and final update of the oldstable distribution Debian GNU/Linux 9 is available. This point release mainly adds corrections for security issues, along with a few adjustments for serious problems.
A nss security update has been released for Debian GNU/Linux 10 to address several vulnerabilities which may result in side channel/timing attacks or denial of service.
A tomcat9 security update has been released for Debian GNU/Linux 10 to address several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service.
A tomcat8 security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue that could lead to a denial of service.
A evolution-data-server security update has been released for Debian GNU/Linux 9 LTS to address a response injection vulnerability in Evolution data server, which could enable MITM attacks.
Ondřej Surý has released PHP 7.3.20 and 7.4.8 packages for Debian GNU/Linux 9 LTS and 10.
A tomcat7 security update has been released for Debian GNU/Linux 8 Extended LTS.
A python3.5 security update has been released for Debian GNU/Linux 9 LTS to address multiple security issues.
A webkit2gtk security update has been released for Debian GNU/Linux 9 LTS to address an issue where an attacker may be able to execute commands outside the bubblewrap sandbox.
A evolution-data-server security update has been released for Debian GNU/Linux 10 to address a response injection vulnerability in Evolution data server, which could enable MITM attacks.
An wpa security update has been released for Debian GNU/Linux 8 LTS to address the CallStranger issue.
An openjpeg2 security update has been released for Debian GNU/Linux 8 LTS to address a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor.
A chromium regression update has been released for Debian GNU/Linux 10 to address an issue introduced by the previous update.
A xen security update has been released for Debian GNU/Linux 10 to address multiple vulnerabilities in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
A tomcat8 security update has been released for Debian GNU/Linux 9 LTS to address several security vulnerabilities.
A mailman security update has been released for Debian GNU/Linux 9 LTSto address two security issues.
A ruby-rack security update has been released for Debian GNU/Linux 9 LTS to address a directory traversal vulnerability and cookies issue.
A squid3 security update has been released for Debian GNU/Linux 9 LTS to address multiple security vulnerabilities.
An openjpeg2 security update has been released for Debian GNU/Linux 9 LTS to address 4 security issues.
Sury.org will no longer provide new PHP packages for Debian GNU/Linux 8. Debian 8 is currently maintained by Freexian as part of the extended LTS support, however regular LTS support has ended last month.
