Debian Stretch Openstack images changelog 9.4.2-20180330 Updates in 3 source package(s), 18 binary package(s): Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) * CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC) * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) * Add patches to pass the testsuite: - Fix-a-Proxy-race-condition.patch - Fix-race-condition-in-TLSProxy.patch Source systemd, binaries: libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd:amd64 systemd-sysv:amd64 udev:amd64 libpam-systemd:arm64 libsystemd0:arm64 libudev1:arm64 systemd:arm64 systemd-sysv:arm64 udev:arm64 systemd (232-25+deb9u3) stretch; urgency=medium [ Cyril Brulebois ] * networkd-ndisc: Handle missing mtu gracefully. The previous upload made networkd respect the MTU field in IPv6 RA but unfortunately broke setups where there's no such field. (Closes: #892794) Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64 openssl1.0 (1.0.2l-2+deb9u3) stretch-security; urgency=high * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) -- Steve McIntyre <93sam@debian.org> Fri, 30 Mar 2018 18:09:52 +0100 9.4.1-20180325 Updates in 2 source package(s), 18 binary package(s): Source util-linux, binaries: bsdutils:amd64 libblkid1:amd64 libfdisk1:amd64 libmount1:amd64 libsmartcols1:amd64 libuuid1:amd64 mount:amd64 util-linux:amd64 bsdutils:arm64 libblkid1:arm64 libfdisk1:arm64 libmount1:arm64 libsmartcols1:arm64 libuuid1:arm64 mount:arm64 util-linux:arm64 util-linux (2.29.2-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * bash-completion: (umount) use findmnt, escape a space in paths (CVE-2018-7738) (Closes: #892179) Source icu, binaries: libicu57:amd64 libicu57:arm64 icu (57.1-6+deb9u2) stretch-security; urgency=high * Backport upstream security fix for CVE-2017-15422: Persian calendar integer overflow (closes: #892766). -- Steve McIntyre <93sam@debian.org> Mon, 26 Mar 2018 12:45:08 +0100 9.4.0-20180310 First build for 9.4.0 release -- Steve McIntyre <93sam@debian.org> Sun, 11 Mar 2018 00:25:26 +0000