Debian Stretch Openstack images changelog 9.11.3-20191003 Updates in 3 source package(s), 14 binary package(s): Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.0l-1~deb9u1) stretch-security; urgency=medium * Import 1.1.0l - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP construction). - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey). Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64 openssl1.0 (1.0.2t-1~deb9u1) stretch-security; urgency=medium * Import 1.0.2t - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP construction). - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey). Source e2fsprogs, binaries: e2fslibs:amd64 e2fsprogs:amd64 libcomerr2:amd64 libss2:amd64 e2fslibs:arm64 e2fsprogs:arm64 libcomerr2:arm64 libss2:arm64 e2fsprogs (1.43.4-2+deb9u1) stretch-security; urgency=high * Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139) -- Steve McIntyre <93sam@debian.org> Fri, 04 Oct 2019 18:22:52 +0100 9.11.2-20190926 Updates in 1 source package(s), 2 binary package(s): Source linux, binaries: linux-image-4.9.0-11-amd64:amd64 linux-image-4.9.0-11-arm64:arm64 linux (4.9.189-3+deb9u1) stretch-security; urgency=high * vhost: make sure log_num < in_num (CVE-2019-14835) * ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit (CVE-2019-15117) * ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term (CVE-2019-15118) * [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902) * KVM: coalesced_mmio: add bounds checking (CVE-2019-14821) -- Steve McIntyre <93sam@debian.org> Thu, 26 Sep 2019 05:52:52 +0100 9.11.1-20190923 Updates in 2 source package(s), 4 binary package(s): Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2019c-0+deb9u1) stretch; urgency=medium * New upstream version, affecting the following future timestamps: - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12 instead of 2019-11-03 and 2020-01-19. - Norfolk Island will observe Australian-style DST starting in spring 2019. The first transition is on 2019-10-06. Source expat, binaries: libexpat1:amd64 libexpat1:arm64 expat (2.2.0-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * xmlparse.c: Deny internal entities closing the doctype (CVE-2019-15903) (Closes: #939394) -- Steve McIntyre <93sam@debian.org> Mon, 23 Sep 2019 16:41:52 -0700 9.11.0 First build for 9.11.0 release -- Steve McIntyre <93sam@debian.org> Mon, 09 Sep 2019 10:57:54 +0100