Debian Stretch Openstack images changelog 9.6.2-20181228 Updates in 1 source package(s), 2 binary package(s): Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64 openssl1.0 (1.0.2q-1~deb9u1) stretch-security; urgency=medium * use signing-key.asc and a https links for downloads * Import 1.0.2q stable release. - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar multiplication) -- Steve McIntyre <93sam@debian.org> Fri, 28 Dec 2018 23:19:13 +0000 9.6.1-20181206 Updates in 3 source package(s), 8 binary package(s): Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.0j-1~deb9u1) stretch-security; urgency=medium * Import 1.1.0j - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-0735 (Timing vulnerability in ECDSA signature generation) - add new symbols openssl (1.1.0i-1~deb9u1) stretch; urgency=medium * Import 1.1.0i - Fix segfault ERR_clear_error (Closes: #903566) - Fix commandline option for CAengine (Closes: #907457) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) * Abort the build if symbols are discovered which are not part of the symbols file. * use signing-key.asc and a https links for downloads Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64 qemu (1:2.8+dfsg-6+deb9u5) stretch-security; urgency=medium * Backport SSBD support (Closes: #908682) * CVE-2018-10839 (Closes: #910431) * CVE-2018-17962 (Closes: #911468) * CVE-2018-17963 (Closes: #911469) Source perl, binaries: perl-base:amd64 perl-base:arm64 perl (5.24.1-3+deb9u5) stretch-security; urgency=high * [SECURITY] CVE-2018-18311: Integer overflow leading to buffer overflow and segmentation fault * [SECURITY] CVE-2018-18312: Heap-buffer-overflow write in S_regatom (regcomp.c) * [SECURITY] CVE-2018-18313: Heap-buffer-overflow read in regcomp.c * [SECURITY] CVE-2018-18314: Heap-based buffer overflow in extended character classes -- Steve McIntyre <93sam@debian.org> Thu, 06 Dec 2018 13:43:13 +0000 9.6.0-20181110 First build for 9.6.0 release -- Steve McIntyre <93sam@debian.org> Sat, 10 Nov 2018 21:15:11 +0000