Re: [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update
how do i unenroll from deb 8 lts, now that I have upgraded the box to deb 10 ? On Tue, Aug 11, 2020 at 3:38 AM Adrian Bunk wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian LTS Advisory DLA-2320-1debian-lts@lists.debian.org > https://www.debian.org/lts/security/ > August 10, 2020 https://wiki.debian.org/LTS > - - > > Package: golang-github-seccomp-libseccomp-golang > Version: 0.0~git20150813.0.1b506fc-2+deb9u1 > CVE ID : CVE-2017-18367 > Debian Bug : 927981 > > A process running under a restrictive seccomp filter that specified > multiple syscall arguments could bypass intended access restrictions by > specifying a single matching argument. > > Additionally, runc has been rebuilt with the fixed package. > > For Debian 9 stretch, this problem has been fixed in version > 0.0~git20150813.0.1b506fc-2+deb9u1. > > We recommend that you upgrade your golang-github-seccomp-libseccomp-golang > and runc packages, and recompile own Go code using > golang-github-seccomp-libseccomp-golang. > > For the detailed security status of > golang-github-seccomp-libseccomp-golang please refer to > its security tracker page at: > > https://security-tracker.debian.org/tracker/golang-github-seccomp-libseccomp-golang > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8yWLUACgkQiNJCh6LY > mLEmXxAAnBoGPtHAX1fM2zHnYh5GByVCrXktxBCXus7OFhR1aSbMgsCIlv1/NXrg > w1StkihnAsbuM65T6R4C2Foi5UoBwtSbK8YGSUj9mHPRvdF/Tq1f2JPVp4NV+hKF > aZt3QN3sIU2orNkhtwv9nZ995sMcVRscG2GQccak4xA5ERCA5L4ftBqiNeO6F10Q > foLUSJoMBJgJFlGgvUeY+3DDVYFAgPg9Hklrd0E+2PkYGQndQGIAXYK7GS7zMz+6 > Rl7RppaQSwwY3L8kzGDsmuYcthFi7dYKEFX/jWx4sfoVv43TglbmHPr0vMLmxBLa > RAzOZeU+wUAHWbG+v5/hfIDPkVvEXuM016S1YHAVo06OZ/vPicOkWuxJovG3k7vP > HAB1S5QcU9189s2YHX27bRlwuRORPmdHQODq/H7UeQEvMBD3M/TqcYDl/xeRREvM > hMtSitTSt6XLi4puZ9gKzC0/d8sj4HD72w1aZsjeKul2Yvu7MlLdSRcsrD/7Yb3l > sbxH0uC4PQVLvx99VY17fp2jSGEQL5ClF5fYTaLAbKpAWVNExH5AQlqYAJS2rvI1 > ZKeqz8UAJ/URAthUEVfrBiWb7qCPoWDEV8kvDurf+mSIHol8ute8BTP/fKe/Uxdx > q/4Fn0Fu1symZjsuXUTwTiFFG0rd9tH/mAOCa4Lwen5USzs/mTM= > =5aB7 > -END PGP SIGNATURE- > > -- Mark Heimstaedt
Re: slirp / CVE-2020-7039 / CVE-2020-8608
On Wed, Aug 12, 2020 at 08:55:43AM +1000, Brian May wrote: > I am seriously thinking that slirp from unstable should be ported as is > from sid to buster and stretch. This is not a new upstream version, it > has bug fixes and security updates only. Probably the same changes I > would have to make myself in fact. Such as replacing sprintf calls with > snprintf calls for example. > > This would fix CVE-2020-7039 and provide the prerequisite to fixing > CVE-2020-8608. > > Only thing, I am not sure what to do with the versioning: > > stretch 1:1.0.17-8 > buster 1:1.0.17-8 > sid 1:1.0.17-10 > > In fact, because stretch and buster has the same version, does this mean > I can't make any security uploads to stretch? > > On the other hand the security team has marked both these as no-DSA, in > buster meaning maybe I should do the same thing too? I would ask the Security Team if they are open to considering taking 1:1.0.17-10 into buster. The version would be 1:1.0.17-10~deb10u1. If they agree, then you could subsequently upload to stretch with version 1:1.0.17-10~deb9u1. If they are not open to considering it, then it seems that the only viable course of action is the mark them no-dsa. Regards, -Roberto -- Roberto C. Sánchez
slirp / CVE-2020-7039 / CVE-2020-8608
I am seriously thinking that slirp from unstable should be ported as is from sid to buster and stretch. This is not a new upstream version, it has bug fixes and security updates only. Probably the same changes I would have to make myself in fact. Such as replacing sprintf calls with snprintf calls for example. This would fix CVE-2020-7039 and provide the prerequisite to fixing CVE-2020-8608. Only thing, I am not sure what to do with the versioning: stretch 1:1.0.17-8 buster 1:1.0.17-8 sid 1:1.0.17-10 In fact, because stretch and buster has the same version, does this mean I can't make any security uploads to stretch? On the other hand the security team has marked both these as no-DSA, in buster meaning maybe I should do the same thing too? -- Brian May https://linuxpenguins.xyz/brian/
Re: roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious SVG or math content
Hi Roberto, On Tue, 11 Aug 2020 at 14:57:15 -0400, Roberto C. Sánchez wrote: >>> Dear security team, Should have been LTS team of course, bad templating from my side :-P >> I'll take care of it shortly. >> > I have uploaded the updated, published the DLA to the mailing list and > submitted a Salsa MR for the advisory update on the website. Many thanks for this! -- Guilhem. signature.asc Description: PGP signature
Re: roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious SVG or math content
On Tue, Aug 11, 2020 at 01:40:48PM -0400, Roberto C. Sánchez wrote: > On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote: > > Dear security team, > > > > In a recent post roundcube webmail upstream has announced the following > > security fix for #968216: > > > > Cross-site scripting (XSS) via HTML messages with malicious SVG > > or math content (CVE-2020-16145) > > > > AFAICT CVE-2020-16145 is only about SVG not math, but the upstream > > commit addresses both so I opened a single bug: > > https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e > > > > Debdiff tested and attached, but I'd appreciate if you could take care > > of the DLA :-) > > > > Thanks! > > Cheers, > > -- > > Guilhem. > > Hi Guilhem, > > I'll take care of it shortly. > I have uploaded the updated, published the DLA to the mailing list and submitted a Salsa MR for the advisory update on the website. Regards, -Roberto -- Roberto C. Sánchez
[SECURITY] [DLA 2322-1] roundcube security update
- Debian LTS Advisory DLA-2322-1debian-...@lists.debian.org https://www.debian.org/lts/security/ August 11, 2020 https://wiki.debian.org/LTS - Package: roundcube Version: 1.2.3+dfsg.1-4+deb9u7 CVE ID : CVE-2020-16145 Debian Bug : 968216 A vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. HTML messages with malicious svg or math content can exploit a Cross-site scripting (XSS) vulnerability. For Debian 9 stretch, this problem has been fixed in version 1.2.3+dfsg.1-4+deb9u7. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/roundcube Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS signature.asc Description: PGP signature
Accepted roundcube 1.2.3+dfsg.1-4+deb9u7 (source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 11 Aug 2020 18:38:40 +0200 Source: roundcube Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins Architecture: source Version: 1.2.3+dfsg.1-4+deb9u7 Distribution: stretch-security Urgency: high Maintainer: Debian Roundcube Maintainers Changed-By: Guilhem Moulin Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Closes: 968216 Changes: roundcube (1.2.3+dfsg.1-4+deb9u7) stretch-security; urgency=high . * Backport security fix for CVE-2020-16145: Cross-site scripting (XSS) vulnerability via HTML messages with malicious svg or math content. (Closes: #968216) Checksums-Sha1: cf91b08e1e8e39aca71e0961e0ca4c72a9ee4b58 2472 roundcube_1.2.3+dfsg.1-4+deb9u7.dsc 7a444b3e75efa155ec3b42e6e746a4b02fda295d 4448976 roundcube_1.2.3+dfsg.1-4+deb9u7.debian.tar.xz 8a8e831f372e4dc10593793d3143cfe8ad7707a7 9392 roundcube_1.2.3+dfsg.1-4+deb9u7_amd64.buildinfo Checksums-Sha256: 74db66dbffe5063a0b59fc9c79546c27c45c6ae969c157a110306c992c66fce0 2472 roundcube_1.2.3+dfsg.1-4+deb9u7.dsc 5f200b0a0887f3a3a5a0b2c0134dd9f9c88fb0968a2d280a5ac80dc37da7d42b 4448976 roundcube_1.2.3+dfsg.1-4+deb9u7.debian.tar.xz 65912ec0c3cdc3a5e821804e901e7d57c27787bf535807984e3bb5592c97ef76 9392 roundcube_1.2.3+dfsg.1-4+deb9u7_amd64.buildinfo Files: f988bc13ac16d8765ea6719c4cbaf6a5 2472 web extra roundcube_1.2.3+dfsg.1-4+deb9u7.dsc 17ce1165901a8ece1f9dbf786289de07 4448976 web extra roundcube_1.2.3+dfsg.1-4+deb9u7.debian.tar.xz 8a8759830ee9a1952e46e50b0db2a774 9392 web extra roundcube_1.2.3+dfsg.1-4+deb9u7_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl8y30UACgkQLNd4Xt2n sg9O8Q//Z4Gq2Ozsir/N4mU3TOBRqRm6FW6JugSBDq6caEHSke5D5Zriguv2BNrO BMhC7j9e1SuUQWa3HAX7gr1kU1DaCOw9Ca4sIBVrmbP78Vm8LnwVNnhgHoeWZ8fo iZ+UgTajGBlw8EnUP9+JYMSLt2H+/0NRoOi3HrXmAVwEjp4eHyErcE0l6xF6nwjk VLOC1WsVimVLLRD8Z/BHl1FWNVDEeLwy3ObCRUz0wzPMCjv6KsWJEeIMs/4bDS50 6ah2GnyZ8Dd89GBv7hLYvBoCH4Mhm9E6nNL1A+0/ryVHyZQDewthKkYTdxUbnLfm GjPPYpfDsPPKB2gOWuxR4xuyue1Gt4twngScdtmbTlJhok1qU4PcX+NRS4zU/eDn zAStAUuQNGGlKM4GzvqGBQicdXDcdDhSPadr+Zh9D8lT3IwOMBeqYARsuRp1gbkn rt4rcjGpdr1Ba4iITWobpz8b3Jy+N4h5qyGSrF9Oq11uXm0PpXmnonApWvMB3PDe NTlKmFjSUbHugmHoQ0t6hP3vCUEY3s05NFVve+6AK5gr2OCR5YaeSoHErroPMtck q0NTepKmPE92WRUqbvUPcb2lp4opax3Ol5Rnr536EhmiIfm8hK7orahKzd2UpK/j LUbSY/J1f6C327H7ul13eGrOdiGTw4gDXQWaPZIghxk7ravgSs8= =U5Gw -END PGP SIGNATURE-
Re: roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious SVG or math content
On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote: > Dear security team, > > In a recent post roundcube webmail upstream has announced the following > security fix for #968216: > > Cross-site scripting (XSS) via HTML messages with malicious SVG > or math content (CVE-2020-16145) > > AFAICT CVE-2020-16145 is only about SVG not math, but the upstream > commit addresses both so I opened a single bug: > https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e > > Debdiff tested and attached, but I'd appreciate if you could take care > of the DLA :-) > > Thanks! > Cheers, > -- > Guilhem. Hi Guilhem, I'll take care of it shortly. Regards, -Roberto -- Roberto C. Sánchez
roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious SVG or math content
Dear security team, In a recent post roundcube webmail upstream has announced the following security fix for #968216: Cross-site scripting (XSS) via HTML messages with malicious SVG or math content (CVE-2020-16145) AFAICT CVE-2020-16145 is only about SVG not math, but the upstream commit addresses both so I opened a single bug: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e Debdiff tested and attached, but I'd appreciate if you could take care of the DLA :-) Thanks! Cheers, -- Guilhem. diffstat for roundcube-1.2.3+dfsg.1 roundcube-1.2.3+dfsg.1 changelog|8 +++ patches/CVE-2020-16145.patch | 107 +++ patches/series |1 3 files changed, 116 insertions(+) diff -Nru roundcube-1.2.3+dfsg.1/debian/changelog roundcube-1.2.3+dfsg.1/debian/changelog --- roundcube-1.2.3+dfsg.1/debian/changelog 2020-07-06 16:14:59.0 +0200 +++ roundcube-1.2.3+dfsg.1/debian/changelog 2020-08-11 18:38:40.0 +0200 @@ -1,3 +1,11 @@ +roundcube (1.2.3+dfsg.1-4+deb9u7) stretch-security; urgency=high + + * Backport security fix for CVE-2020-16145: Cross-site scripting (XSS) +vulnerability via HTML messages with malicious svg or math +content. (Closes: #968216) + + -- Guilhem Moulin Tue, 11 Aug 2020 18:38:40 +0200 + roundcube (1.2.3+dfsg.1-4+deb9u6) stretch; urgency=high * Backport security fix for CVE-2020-15562: Cross-Site Scripting (XSS) diff -Nru roundcube-1.2.3+dfsg.1/debian/patches/CVE-2020-16145.patch roundcube-1.2.3+dfsg.1/debian/patches/CVE-2020-16145.patch --- roundcube-1.2.3+dfsg.1/debian/patches/CVE-2020-16145.patch 1970-01-01 01:00:00.0 +0100 +++ roundcube-1.2.3+dfsg.1/debian/patches/CVE-2020-16145.patch 2020-08-11 18:38:40.0 +0200 @@ -0,0 +1,107 @@ +commit 589d36010048300ed39f4887aab1afd3ae98d00e +Author: Aleksander Machniak +Date: Sun Aug 9 18:02:16 2020 +0200 + +Fix cross-site scripting (XSS) via HTML messages with malicious svg or math content + +diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php +index 4c5ca46a3..81a3edf1b 100644 +--- a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php +@@ -365,7 +365,30 @@ class rcube_washtml + return $this->config['blocked_src']; + } + } +-else if (preg_match('/^data:image.+/i', $uri)) { // RFC2397 ++else if (preg_match('/^data:image\/([^,]+),(.+)$/i', $uri, $matches)) { // RFC2397 ++// svg images can be insecure, we'll sanitize them ++if (stripos($matches[1], 'svg') !== false) { ++$svg = $matches[2]; ++ ++if (stripos($matches[1], ';base64') !== false) { ++$svg = base64_decode($svg); ++$type = $matches[1]; ++} ++else { ++$type = $matches[1] . ';base64'; ++} ++ ++$washer = new self($this->config); ++$svg= $washer->wash($svg); ++ ++// Invalid svg content ++if (empty($svg)) { ++return null; ++} ++ ++return 'data:image/' . $type . ',' . base64_encode($svg); ++} ++ + return $uri; + } + } +@@ -375,7 +398,7 @@ class rcube_washtml + */ + private function is_link_attribute($tag, $attr) + { +-return ($tag == 'a' || $tag == 'area') && $attr == 'href'; ++return $attr === 'href'; + } + + /** +@@ -387,6 +410,7 @@ class rcube_washtml + || $attr == 'color-profile' // SVG + || ($attr == 'poster' && $tag == 'video') + || ($attr == 'src' && preg_match('/^(img|source)$/i', $tag)) ++|| ($tag == 'use' && $attr == 'href') // SVG + || ($tag == 'image' && $attr == 'href'); // SVG + } + +@@ -399,6 +423,31 @@ class rcube_washtml + 'marker-end', 'marker-mid', 'clip-path', 'mask', 'cursor')); + } + ++/** ++ * Check if a specified element has an attribute with specified value. ++ * Do it in case-insensitive manner. ++ * ++ * @param DOMElement $node The element ++ * @param string $attr_name The attribute name ++ * @param string $attr_value The attribute value to find ++ * ++ * @return bool True if the specified attribute exists and has the expected value ++ */ ++private static function attribute_value($node, $attr_name, $attr_value) ++{ ++$attr_name = strtolower($attr_name); ++ ++foreach ($node->attributes as $name => $attr) { ++if (strtolower($name) === $attr_name) { ++if (strtolower($attr_value) === strtolower($attr->nodeValue)) { ++return true; ++} ++} ++} ++ ++return
Accepted linux-4.19 4.19.132-1~deb9u2 (source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 11 Aug 2020 13:47:06 +0100 Source: linux-4.19 Binary: linux-support-4.19.0-0.bpo.10 linux-doc-4.19 linux-kbuild-4.19 linux-perf-4.19 linux-bootwrapper-4.19.0-0.bpo.10 linux-source-4.19 linux-headers-4.19.0-0.bpo.10-common linux-headers-4.19.0-0.bpo.10-common-rt linux-headers-4.19.0-0.bpo.10-all linux-headers-4.19.0-0.bpo.10-all-alpha linux-config-4.19 linux-image-4.19.0-0.bpo.10-alpha-generic linux-headers-4.19.0-0.bpo.10-alpha-generic linux-image-4.19.0-0.bpo.10-alpha-generic-dbg linux-image-4.19.0-0.bpo.10-alpha-smp linux-headers-4.19.0-0.bpo.10-alpha-smp linux-image-4.19.0-0.bpo.10-alpha-smp-dbg linux-headers-4.19.0-0.bpo.10-all-amd64 linux-image-4.19.0-0.bpo.10-amd64 linux-headers-4.19.0-0.bpo.10-amd64 linux-image-4.19.0-0.bpo.10-amd64-dbg linux-image-4.19.0-0.bpo.10-cloud-amd64 linux-headers-4.19.0-0.bpo.10-cloud-amd64 linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg linux-image-4.19.0-0.bpo.10-rt-amd64 linux-headers-4.19.0-0.bpo.10-rt-amd64 linux-image-4.19.0-0.bpo.10-rt-amd64-dbg linux-headers-4.19.0-0.bpo.10-all-arm64 linux-image-4.19.0-0.bpo.10-arm64 linux-headers-4.19.0-0.bpo.10-arm64 linux-image-4.19.0-0.bpo.10-arm64-dbg linux-image-4.19.0-0.bpo.10-rt-arm64 linux-headers-4.19.0-0.bpo.10-rt-arm64 linux-image-4.19.0-0.bpo.10-rt-arm64-dbg linux-headers-4.19.0-0.bpo.10-all-armel linux-image-4.19.0-0.bpo.10-marvell linux-headers-4.19.0-0.bpo.10-marvell linux-image-4.19.0-0.bpo.10-marvell-dbg linux-image-4.19.0-0.bpo.10-rpi linux-headers-4.19.0-0.bpo.10-rpi linux-image-4.19.0-0.bpo.10-rpi-dbg linux-headers-4.19.0-0.bpo.10-all-armhf linux-image-4.19.0-0.bpo.10-armmp linux-headers-4.19.0-0.bpo.10-armmp linux-image-4.19.0-0.bpo.10-armmp-dbg linux-image-4.19.0-0.bpo.10-armmp-lpae linux-headers-4.19.0-0.bpo.10-armmp-lpae linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg linux-image-4.19.0-0.bpo.10-rt-armmp linux-headers-4.19.0-0.bpo.10-rt-armmp linux-image-4.19.0-0.bpo.10-rt-armmp-dbg linux-headers-4.19.0-0.bpo.10-all-hppa linux-image-4.19.0-0.bpo.10-parisc linux-headers-4.19.0-0.bpo.10-parisc linux-image-4.19.0-0.bpo.10-parisc-smp linux-headers-4.19.0-0.bpo.10-parisc-smp linux-image-4.19.0-0.bpo.10-parisc64-smp linux-headers-4.19.0-0.bpo.10-parisc64-smp linux-headers-4.19.0-0.bpo.10-all-i386 linux-image-4.19.0-0.bpo.10-686 linux-headers-4.19.0-0.bpo.10-686 linux-image-4.19.0-0.bpo.10-686-dbg linux-image-4.19.0-0.bpo.10-686-pae linux-headers-4.19.0-0.bpo.10-686-pae linux-image-4.19.0-0.bpo.10-686-pae-dbg linux-image-4.19.0-0.bpo.10-rt-686-pae linux-headers-4.19.0-0.bpo.10-rt-686-pae linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg linux-headers-4.19.0-0.bpo.10-all-ia64 linux-image-4.19.0-0.bpo.10-itanium linux-headers-4.19.0-0.bpo.10-itanium linux-image-4.19.0-0.bpo.10-itanium-dbg linux-image-4.19.0-0.bpo.10-mckinley linux-headers-4.19.0-0.bpo.10-mckinley linux-image-4.19.0-0.bpo.10-mckinley-dbg linux-headers-4.19.0-0.bpo.10-all-m68k linux-image-4.19.0-0.bpo.10-m68k linux-headers-4.19.0-0.bpo.10-m68k linux-image-4.19.0-0.bpo.10-m68k-dbg linux-headers-4.19.0-0.bpo.10-all-mips linux-image-4.19.0-0.bpo.10-4kc-malta linux-headers-4.19.0-0.bpo.10-4kc-malta linux-image-4.19.0-0.bpo.10-4kc-malta-dbg linux-image-4.19.0-0.bpo.10-5kc-malta linux-headers-4.19.0-0.bpo.10-5kc-malta linux-image-4.19.0-0.bpo.10-5kc-malta-dbg linux-image-4.19.0-0.bpo.10-octeon linux-headers-4.19.0-0.bpo.10-octeon linux-image-4.19.0-0.bpo.10-octeon-dbg linux-headers-4.19.0-0.bpo.10-all-mips64 linux-headers-4.19.0-0.bpo.10-all-mips64el linux-image-4.19.0-0.bpo.10-loongson-3 linux-headers-4.19.0-0.bpo.10-loongson-3 linux-image-4.19.0-0.bpo.10-loongson-3-dbg linux-headers-4.19.0-0.bpo.10-all-mips64r6 linux-image-4.19.0-0.bpo.10-mips64r6 linux-headers-4.19.0-0.bpo.10-mips64r6 linux-image-4.19.0-0.bpo.10-mips64r6-dbg linux-headers-4.19.0-0.bpo.10-all-mips64r6el linux-image-4.19.0-0.bpo.10-mips64r6el linux-headers-4.19.0-0.bpo.10-mips64r6el linux-image-4.19.0-0.bpo.10-mips64r6el-dbg linux-headers-4.19.0-0.bpo.10-all-mipsel linux-headers-4.19.0-0.bpo.10-all-mipsr6 linux-image-4.19.0-0.bpo.10-mips32r6 linux-headers-4.19.0-0.bpo.10-mips32r6 linux-image-4.19.0-0.bpo.10-mips32r6-dbg linux-headers-4.19.0-0.bpo.10-all-mipsr6el linux-image-4.19.0-0.bpo.10-mips32r6el linux-headers-4.19.0-0.bpo.10-mips32r6el linux-image-4.19.0-0.bpo.10-mips32r6el-dbg linux-headers-4.19.0-0.bpo.10-all-powerpc linux-image-4.19.0-0.bpo.10-powerpc linux-headers-4.19.0-0.bpo.10-powerpc linux-image-4.19.0-0.bpo.10-powerpc-dbg linux-image-4.19.0-0.bpo.10-powerpc-smp linux-headers-4.19.0-0.bpo.10-powerpc-smp linux-image-4.19.0-0.bpo.10-powerpc-smp-dbg linux-image-4.19.0-0.bpo.10-powerpc64 linux-headers-4.19.0-0.bpo.10-powerpc64 linux-image-4.19.0-0.bpo.10-powerpc64-dbg linux-headers-4.19.0-0.bpo.10-all-powerpcspe linux-image-4.19.0-0.bpo.10-powerpcspe linux-headers-4.19.0-0.bpo.10-powerpcspe linux-image-4.19.0-0.bpo.10-powerpcspe-dbg
[SECURITY] [DLA 2321-1] firmware-nonfree new upstream version
- Debian LTS Advisory DLA-2321-1debian-...@lists.debian.org https://www.debian.org/lts/security/ August 11, 2020 https://wiki.debian.org/LTS - Package: firmware-nonfree Version: 20190114-2~deb9u1 The firmware-nonfree package has been updated to include additional firmware that may be requested by some drivers in Linux 4.19. Along with additional kernel packages that will be announced later, this will provide a supported upgrade path for systems that currently use kernel and firmware packages from the "stretch-backports" suite. This update is not known to fix any security issues. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- Ben Hutchings - Debian developer, member of kernel, installer and LTS teams signature.asc Description: This is a digitally signed message part
[SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2320-1debian-...@lists.debian.org https://www.debian.org/lts/security/ August 10, 2020 https://wiki.debian.org/LTS - - Package: golang-github-seccomp-libseccomp-golang Version: 0.0~git20150813.0.1b506fc-2+deb9u1 CVE ID : CVE-2017-18367 Debian Bug : 927981 A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. Additionally, runc has been rebuilt with the fixed package. For Debian 9 stretch, this problem has been fixed in version 0.0~git20150813.0.1b506fc-2+deb9u1. We recommend that you upgrade your golang-github-seccomp-libseccomp-golang and runc packages, and recompile own Go code using golang-github-seccomp-libseccomp-golang. For the detailed security status of golang-github-seccomp-libseccomp-golang please refer to its security tracker page at: https://security-tracker.debian.org/tracker/golang-github-seccomp-libseccomp-golang Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8yWLUACgkQiNJCh6LY mLEmXxAAnBoGPtHAX1fM2zHnYh5GByVCrXktxBCXus7OFhR1aSbMgsCIlv1/NXrg w1StkihnAsbuM65T6R4C2Foi5UoBwtSbK8YGSUj9mHPRvdF/Tq1f2JPVp4NV+hKF aZt3QN3sIU2orNkhtwv9nZ995sMcVRscG2GQccak4xA5ERCA5L4ftBqiNeO6F10Q foLUSJoMBJgJFlGgvUeY+3DDVYFAgPg9Hklrd0E+2PkYGQndQGIAXYK7GS7zMz+6 Rl7RppaQSwwY3L8kzGDsmuYcthFi7dYKEFX/jWx4sfoVv43TglbmHPr0vMLmxBLa RAzOZeU+wUAHWbG+v5/hfIDPkVvEXuM016S1YHAVo06OZ/vPicOkWuxJovG3k7vP HAB1S5QcU9189s2YHX27bRlwuRORPmdHQODq/H7UeQEvMBD3M/TqcYDl/xeRREvM hMtSitTSt6XLi4puZ9gKzC0/d8sj4HD72w1aZsjeKul2Yvu7MlLdSRcsrD/7Yb3l sbxH0uC4PQVLvx99VY17fp2jSGEQL5ClF5fYTaLAbKpAWVNExH5AQlqYAJS2rvI1 ZKeqz8UAJ/URAthUEVfrBiWb7qCPoWDEV8kvDurf+mSIHol8ute8BTP/fKe/Uxdx q/4Fn0Fu1symZjsuXUTwTiFFG0rd9tH/mAOCa4Lwen5USzs/mTM= =5aB7 -END PGP SIGNATURE-
Accepted linux-latest-4.19 105+deb10u5~deb9u1 (source amd64) into oldstable, oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Aug 2020 22:30:56 +0100 Source: linux-latest-4.19 Binary: linux-image-4.19-alpha-generic linux-headers-4.19-alpha-generic linux-image-4.19-alpha-generic-dbg linux-image-4.19-alpha-smp linux-headers-4.19-alpha-smp linux-image-4.19-alpha-smp-dbg linux-image-4.19-amd64 linux-headers-4.19-amd64 linux-image-4.19-amd64-dbg linux-image-4.19-cloud-amd64 linux-headers-4.19-cloud-amd64 linux-image-4.19-cloud-amd64-dbg linux-image-4.19-rt-amd64 linux-headers-4.19-rt-amd64 linux-image-4.19-rt-amd64-dbg linux-image-4.19-arm64 linux-headers-4.19-arm64 linux-image-4.19-arm64-dbg linux-image-4.19-rt-arm64 linux-headers-4.19-rt-arm64 linux-image-4.19-rt-arm64-dbg linux-image-4.19-marvell linux-headers-4.19-marvell linux-image-4.19-marvell-dbg linux-image-4.19-rpi linux-headers-4.19-rpi linux-image-4.19-rpi-dbg linux-image-4.19-armmp linux-headers-4.19-armmp linux-image-4.19-armmp-dbg linux-image-4.19-armmp-lpae linux-headers-4.19-armmp-lpae linux-image-4.19-armmp-lpae-dbg linux-image-4.19-rt-armmp linux-headers-4.19-rt-armmp linux-image-4.19-rt-armmp-dbg linux-image-4.19-parisc linux-headers-4.19-parisc linux-image-4.19-parisc-smp linux-headers-4.19-parisc-smp linux-image-4.19-parisc64-smp linux-headers-4.19-parisc64-smp linux-image-4.19-686 linux-headers-4.19-686 linux-image-4.19-686-dbg linux-image-4.19-686-pae linux-headers-4.19-686-pae linux-image-4.19-686-pae-dbg linux-image-4.19-rt-686-pae linux-headers-4.19-rt-686-pae linux-image-4.19-rt-686-pae-dbg linux-image-4.19-itanium linux-headers-4.19-itanium linux-image-4.19-itanium-dbg linux-image-4.19-mckinley linux-headers-4.19-mckinley linux-image-4.19-mckinley-dbg linux-image-4.19-m68k linux-headers-4.19-m68k linux-image-4.19-m68k-dbg linux-image-4.19-4kc-malta linux-headers-4.19-4kc-malta linux-image-4.19-4kc-malta-dbg linux-image-4.19-5kc-malta linux-headers-4.19-5kc-malta linux-image-4.19-5kc-malta-dbg linux-image-4.19-octeon linux-headers-4.19-octeon linux-image-4.19-octeon-dbg linux-image-4.19-loongson-3 linux-headers-4.19-loongson-3 linux-image-4.19-loongson-3-dbg linux-image-4.19-mips64r6 linux-headers-4.19-mips64r6 linux-image-4.19-mips64r6-dbg linux-image-4.19-mips64r6el linux-headers-4.19-mips64r6el linux-image-4.19-mips64r6el-dbg linux-image-4.19-mips32r6 linux-headers-4.19-mips32r6 linux-image-4.19-mips32r6-dbg linux-image-4.19-mips32r6el linux-headers-4.19-mips32r6el linux-image-4.19-mips32r6el-dbg linux-image-4.19-powerpc linux-headers-4.19-powerpc linux-image-4.19-powerpc-dbg linux-image-4.19-powerpc-smp linux-headers-4.19-powerpc-smp linux-image-4.19-powerpc-smp-dbg linux-image-4.19-powerpc64 linux-headers-4.19-powerpc64 linux-image-4.19-powerpc64-dbg linux-image-4.19-powerpcspe linux-headers-4.19-powerpcspe linux-image-4.19-powerpcspe-dbg linux-image-4.19-powerpc64le linux-headers-4.19-powerpc64le linux-image-4.19-powerpc64le-dbg linux-image-4.19-riscv64 linux-headers-4.19-riscv64 linux-image-4.19-riscv64-dbg linux-image-4.19-s390x linux-headers-4.19-s390x linux-image-4.19-s390x-dbg linux-image-4.19-sh7751r linux-headers-4.19-sh7751r linux-image-4.19-sh7751r-dbg linux-image-4.19-sh7785lcr linux-headers-4.19-sh7785lcr linux-image-4.19-sh7785lcr-dbg linux-image-4.19-sparc64 linux-headers-4.19-sparc64 linux-image-4.19-sparc64-dbg linux-image-4.19-sparc64-smp linux-headers-4.19-sparc64-smp linux-image-4.19-sparc64-smp-dbg Architecture: source amd64 Version: 105+deb10u5~deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Description: linux-headers-4.19-4kc-malta - Header files for Linux 4kc-malta configuration (meta-package) linux-headers-4.19-5kc-malta - Header files for Linux 5kc-malta configuration (meta-package) linux-headers-4.19-686 - Header files for Linux 686 configuration (meta-package) linux-headers-4.19-686-pae - Header files for Linux 686-pae configuration (meta-package) linux-headers-4.19-alpha-generic - Header files for Linux alpha-generic configuration (meta-package) linux-headers-4.19-alpha-smp - Header files for Linux alpha-smp configuration (meta-package) linux-headers-4.19-amd64 - Header files for Linux amd64 configuration (meta-package) linux-headers-4.19-arm64 - Header files for Linux arm64 configuration (meta-package) linux-headers-4.19-armmp - Header files for Linux armmp configuration (meta-package) linux-headers-4.19-armmp-lpae - Header files for Linux armmp-lpae configuration (meta-package) linux-headers-4.19-cloud-amd64 - Header files for Linux cloud-amd64 configuration (meta-package) linux-headers-4.19-itanium - Header files for Linux itanium configuration (meta-package) linux-headers-4.19-loongson-3 - Header files for Linux loongson-3 configuration (meta-package) linux-headers-4.19-m68k - Header files for Linux m68k configuration (meta-package) linux-headers-4.19-marvell - Header files for Linux marvell
Accepted linux-4.19 4.19.132-1~deb9u1 (all source) into oldstable, oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Aug 2020 16:57:14 +0100 Binary: linux-doc-4.19 linux-headers-4.19.0-0.bpo.10-common linux-headers-4.19.0-0.bpo.10-common-rt linux-source-4.19 linux-support-4.19.0-0.bpo.10 Source: linux-4.19 Architecture: all source Version: 4.19.132-1~deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Description: linux-doc-4.19 - Linux kernel specific documentation for version 4.19 linux-headers-4.19.0-0.bpo.10-common - Common header files for Linux 4.19.0-0.bpo.10 linux-headers-4.19.0-0.bpo.10-common-rt - Common header files for Linux 4.19.0-0.bpo.10-rt linux-source-4.19 - Linux kernel source for version 4.19 with Debian patches linux-support-4.19.0-0.bpo.10 - Support files for Linux 4.19 Changes: linux-4.19 (4.19.132-1~deb9u1) stretch-security; urgency=high . * Rebuild for stretch: - Disable building linux-libc-dev and unversioned tools packages - Disable building installer udebs and remove build-dependency on kernel-wedge - Disable building linux-compiler-gcc-6-* - Disable code signing and lockdown support - Change ABI number to 0.bpo.10 Checksums-Sha1: 47fe28903875fe0d2156f8cd64adb12016b0f653 31057 linux-4.19_4.19.132-1~deb9u1.dsc 883b61b64a9215bb83aee07b581743735b0f7a31 107488220 linux-4.19_4.19.132.orig.tar.xz be8c3ba1c986f6738595ea4f74f2078d967a6df0 1397948 linux-4.19_4.19.132-1~deb9u1.debian.tar.xz e3b79e167b09aee842cec21aad8dab08d4e67a8b 12011 linux-4.19_4.19.132-1~deb9u1_source.buildinfo b389a7e971ac37e2e99f40eb645673deb359 16518412 linux-doc-4.19_4.19.132-1~deb9u1_all.deb 644683d098ff4c8eb5509465db2cbb8c2cdce222 6639156 linux-headers-4.19.0-0.bpo.10-common-rt_4.19.132-1~deb9u1_all.deb 35174fb9a48d7945ddd7e92887ce9c8ff66bfb1c 8429820 linux-headers-4.19.0-0.bpo.10-common_4.19.132-1~deb9u1_all.deb 630eabbacfb8ea9ac3d12e253d081d479559cb0d 106977006 linux-source-4.19_4.19.132-1~deb9u1_all.deb e2b177de780955f167943be1c40c00d4b9feb017 509904 linux-support-4.19.0-0.bpo.10_4.19.132-1~deb9u1_all.deb Checksums-Sha256: 919aef2f8c21e8179c383201febb18ac3c11683edf76d0dcae5c26fe2f5b3016 31057 linux-4.19_4.19.132-1~deb9u1.dsc 90935bfbad8fe47ba9a5fc9037723c67ad56e8b84218c882eee14be48f9e64c5 107488220 linux-4.19_4.19.132.orig.tar.xz 909151079913dc6b48725e51118b13d1d1709ae091fc7e31f5da113f4391a43a 1397948 linux-4.19_4.19.132-1~deb9u1.debian.tar.xz 8acdebe32de4830e0e4685b0f41b88e1b5bfb07b44a9a6d186a6bfeb73e5d1c5 12011 linux-4.19_4.19.132-1~deb9u1_source.buildinfo bf3cc11f4b508f2ca28655cc80b539c1f188741d42371bbfdd0adbb90bbbfbfe 16518412 linux-doc-4.19_4.19.132-1~deb9u1_all.deb b76a00c4f062e544f7cc1653ee2a98101a6b37e041607703670ae173bd5f5f6e 6639156 linux-headers-4.19.0-0.bpo.10-common-rt_4.19.132-1~deb9u1_all.deb f1776f1675bc88acc3422e49fb436f75a2525fa6bff9bd44bbc08f866f6a2c32 8429820 linux-headers-4.19.0-0.bpo.10-common_4.19.132-1~deb9u1_all.deb 1f84efa97118bfc62ae4f37627c94136c4bf98aa29e312eef8b0ab3f894c0967 106977006 linux-source-4.19_4.19.132-1~deb9u1_all.deb b034ade0a2b224ad0e1ada78a4a6b7d88cb090ad27b3e7ab9b4a2dbf35541859 509904 linux-support-4.19.0-0.bpo.10_4.19.132-1~deb9u1_all.deb Files: fae68077fb210e75df706a005075683e 31057 kernel optional linux-4.19_4.19.132-1~deb9u1.dsc d75c26e51f0b4eefb8f464f8cdb8de37 107488220 kernel optional linux-4.19_4.19.132.orig.tar.xz d5996f9ab2f3f81e49f6988eb69f395b 1397948 kernel optional linux-4.19_4.19.132-1~deb9u1.debian.tar.xz 7bb09bbaf91506b4d512737fdce9b4fb 12011 kernel optional linux-4.19_4.19.132-1~deb9u1_source.buildinfo 33b2116f48a31395d70855e4cd902a52 16518412 doc optional linux-doc-4.19_4.19.132-1~deb9u1_all.deb 2d7cadbb38156994fdc3ead3958196b5 6639156 kernel optional linux-headers-4.19.0-0.bpo.10-common-rt_4.19.132-1~deb9u1_all.deb 7f8655d3b239fe41ccd0a7e2ae1b48ab 8429820 kernel optional linux-headers-4.19.0-0.bpo.10-common_4.19.132-1~deb9u1_all.deb e4487c1b9363b399f3a9c59b508621f4 106977006 kernel optional linux-source-4.19_4.19.132-1~deb9u1_all.deb 1c1a971489eccaa6727b696978417b38 509904 devel optional linux-support-4.19.0-0.bpo.10_4.19.132-1~deb9u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl8pztoACgkQ57/I7JWG EQnJNw//f/Yk57BmmVrYtOLW96FF2a2oybua77T6Ac8ZticCgR+3t0nl2St/Q2CX PH3vC0XSovZfuRIgTIUulWq4QISmRhgVNnd6Eugre4JEZ4y7UOJtGFj24xw4+TjY VlOc6MzFbWya1B5xYbgz0lsS5dKlMyxhZM9bR5kLE6heuVotwFRrCnJXpZxOKAPI 4bXOdAr7h0bsjrcOzhVEXIJ0WZLhCgnNnBuJmIb3MuDoLImzmvoyxvirLP8CGLxg SBtmHxnENzffaztdtVGGJBRF4mtTznxy4bFecrfnih7ksm2URRuvqvY6OfDt7PWh KyCu0KVpdeWfb3yVoPAgkb9lJDR8oW75TN3m613+1h4ZkOeKNGLAi8nE3K/Gyiqc UPDt/JkRvMCSxn7CeM5M/GUKMxlrYWesefMM0oUCAEwtSZiSqIJaLa3L4xGxtZSR AvxLC+Z9eThIF6q+dcbGthTThQ2WGYJj2GZetMRhYY7oOwDEd1jjV8irdlxNM4tR cevNzEZPFjQ+PteMiEmSYK+FKkX7UOhx4kgGmm8cEURtNhe9/6WvbbGrtiTa1P8l 5bhJow+PZ6w50vIH9o78q8KWit94PwT96vwm3YLlvpNV1DJe+ryNsBkVQsmyFEf1
Accepted firmware-nonfree 20190114-2~deb9u1 (source all) into oldstable, oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Aug 2020 14:27:39 +0100 Source: firmware-nonfree Binary: firmware-linux firmware-linux-nonfree firmware-adi firmware-ralink firmware-amd-graphics firmware-atheros firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-intelwimax firmware-intel-sound firmware-ipw2x00 firmware-ivtv firmware-iwlwifi firmware-libertas firmware-misc-nonfree firmware-myricom firmware-netronome firmware-netxen firmware-qcom-media firmware-qlogic firmware-realtek firmware-samsung firmware-siano firmware-ti-connectivity Architecture: source all Version: 20190114-2~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Description: firmware-adi - Binary firmware for Analog Devices Inc. DSL modem chips (dummmy p firmware-amd-graphics - Binary firmware for AMD/ATI graphics chips firmware-atheros - Binary firmware for Atheros wireless cards firmware-bnx2 - Binary firmware for Broadcom NetXtremeII firmware-bnx2x - Binary firmware for Broadcom NetXtreme II 10Gb firmware-brcm80211 - Binary firmware for Broadcom/Cypress 802.11 wireless cards firmware-cavium - Binary firmware for Cavium Ethernet adapters firmware-intel-sound - Binary firmware for Intel sound DSPs firmware-intelwimax - Binary firmware for Intel WiMAX Connection firmware-ipw2x00 - Binary firmware for Intel Pro Wireless 2100, 2200 and 2915 firmware-ivtv - Binary firmware for iTVC15-family MPEG codecs (ivtv and pvrusb2 d firmware-iwlwifi - Binary firmware for Intel Wireless cards firmware-libertas - Binary firmware for Marvell wireless cards firmware-linux - Binary firmware for various drivers in the Linux kernel (metapack firmware-linux-nonfree - Binary firmware for various drivers in the Linux kernel (meta-pac firmware-misc-nonfree - Binary firmware for various drivers in the Linux kernel firmware-myricom - Binary firmware for Myri-10G Ethernet adapters firmware-netronome - Binary firmware for Netronome network adapters firmware-netxen - Binary firmware for QLogic Intelligent Ethernet (3000 and 3100 Se firmware-qcom-media - Binary firmware for Qualcomm graphics/video firmware-qlogic - Binary firmware for QLogic HBAs firmware-ralink - Binary firmware for Ralink wireless cards (dummmy package) firmware-realtek - Binary firmware for Realtek wired/wifi/BT adapters firmware-samsung - Binary firmware for Samsung MFC video codecs firmware-siano - Binary firmware for Siano MDTV receivers firmware-ti-connectivity - Binary firmware for TI Connectivity wifi and BT/FM/GPS adapters Closes: 864529 864601 868152 869639 872641 885016 891042 891364 892408 893952 898267 899101 900036 900266 900871 903437 907320 907585 907598 908632 919452 919632 927917 928510 928672 Changes: firmware-nonfree (20190114-2~deb9u1) stretch-security; urgency=medium . * Rebuild for stretch: - Use linux-support 4.19.0-0.bpo.10 * Re-add firmware that may be needed under older kernel versions: - iwlwifi: Intel Wireless 3160, 7260, 7265 firmware versions 25.17.12.0, 25.30.14.0, and 16.242414.0 - iwlwifi: Intel Wireless 3168 and 8265 firmware version 21.302800.0 - iwlwifi: Intel Wireless 5100/5300/5350 firmware version 8.24.2.12 - iwlwifi: Intel Wireless 6250 firmware version 9.201.4.1 - iwlwifi: Intel Wireless 7265D firmware versions 25.17.12.0, 25.30.14.0, 16.242414.0, 17.352738.0, and 21.302800.0 - iwlwifi: Intel Wireless 8000C versions 25.30.14.0, 16.242414.0, and 21.302800.0 - qlogic: QLogic QL45000 series firmware versions 8.4.2.0, 8.7.3.0, and 8.10.5.0 . firmware-nonfree (20190114-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . firmware-nonfree (20190114-2) buster; urgency=medium . [ Ben Hutchings ] * Update to linux-support 4.19.0-5 * amd-graphics: Trigger update-initramfs when installed (Closes: #928510) * cavium, netronome: Trigger update-initramfs when installed * atheros: Add Qualcomm Atheros QCA9377 rev 1.0 firmware version WLAN.TF.2.1-00021-QCARMSWP-1 (Closes: #903437, #919632, #927917) * realtek: Add Realtek RTL8822CU Bluetooth firmware * atheros: Revert change of QCA9377 rev 1.0 firmware in 20180518-1 (Closes: #919632) . [ Raphaël Hertzog ] * misc-nonfree: Add firmware for MediaTek MT76x0/MT76x2u wireless chips (Closes: #919452) * misc-nonfree: Add firmware for MediaTek MT7622/MT7668 bluetooth chips . [ Romain Perier ] * misc-nonfree: Add GV100 signed firmware (Closes: #928672) . firmware-nonfree (20190114-1~bpo9+2) stretch-backports; urgency=medium . * Re-upload with source and all for stretch-backports. . firmware-nonfree (20190114-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports: - Use linux-support-4.19.0-0.bpo.1 . firmware-nonfree (20190114-1) unstable; urgency=medium . [ Romain Perier ] *