asterisk (1:13.14.1~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 13.14.1
     - Fixes AST-2017-001 (Buffer overflow in CDR's set user)
       (Closes: #859910)
   * Import upstream fix to set the RTP source address to the address
     bound by the PJSIP transport (Closes: #859911)

debian-games (2) unstable; urgency=medium
 .
   * Removed packages: (removed from Debian)
     - card: cardstories.
     - puzzle: glotski.
   * Run make dist and update the debian control file.

espeak-ng (1.49.0+dfsg-9) unstable; urgency=medium
 .
   * control: Add version to libespeak-ng-libespeak1 Provides
     (Closes: Bug#859949).

gajim-omemo (1.0.0-2) unstable; urgency=medium
 .
   * Add patch for XEP-0384 compliance. (Closes: #859894)
   * Add patch for XEP-0380 compliance (correct EME element)
   * Add patch to hide lock icon, when OMEMO encryption is disabled
   * Add patch to not handle "normal" messages, prevents crash

gnutls28 (3.5.8-5) unstable; urgency=medium
 .
   * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch:
     Fix typo in
     35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
   * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
     Addressed large allocation in OpenPGP certificate parsing, that could
     lead to an out-of-memory condition. Issue found using oss-fuzz project,
     and was fixed by Alex Gaynor.
     https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
     [GNUTLS-SA-2017-3C]

gnutls28 (3.5.8-4) unstable; urgency=medium
 .
   * More upstream fixes from gnutls_3_5_x branch:
     + 35_05_cdk_pkt_read-enforce-packet-limits.patch:
       Addressed integer overflow resulting in invalid memory write in
       OpenPGP certificate parsing. Issue found using oss-fuzz project:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
     + 35_05_opencdk-read_attribute-account-buffer-size.patch
       Addressed read of 1 byte past the end of buffer in OpenPGP
       certificate parsing.
       Issue found using oss-fuzz project:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
     + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
       Addressed crashes in OpenPGP certificate parsing, related to private
       key parser. No longer allow OpenPGP certificates (public keys) to
       contain private key sub-packets. Issue found using oss-fuzz project:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360

hfst (3.10.0~r2798-3) unstable; urgency=medium
 .
   [ Tino Didriksen ]
   * Workaround tests failing on big-endian (Closes: #827199)
     + Not solved, but not needed because hfst-ospell fixed the end-user
       case

hfst (3.10.0~r2798-2) unstable; urgency=low
 .
   [ Tino Didriksen ]
   * debian/patches/hfst_03_char2int.diff:
     + Fix FTBFS: twolc test fails or times out (Closes: #826659)

hfst (3.10.0~r2798-1) unstable; urgency=low
 .
   [ Tino Didriksen ]
   * Update to latest upstream release.
 .
   [ Kartik Mistry ]
   * debian/control:
     + Updated Standards-Version to 3.9.8

ibus-anthy (1.5.9-2) unstable; urgency=medium
 .
   * Update uploaders list to current ones. Closes: #841800
   * Install appstream metadata with its upstream fix to the metadata.
     Closes: #858076

keepass2 (2.35+dfsg-2) unstable; urgency=medium
 .
   * debian/patches/disable-clipboard-workaround.patch: disable a
     workaround that messes up the system clipboard (LP: #1659159)

khmer (2.0+dfsg-10) unstable; urgency=medium
 .
   * Team upload.
   * Revert "Drop arm64 due to failing tests." Closes: #859752

khmer (2.0+dfsg-9) unstable; urgency=medium
 .
   * Drop arm64 due to failing tests. (Closes: #851830)

khmer (2.0+dfsg-8) unstable; urgency=medium
 .
   * Team upload.
   * Enable static building ('--static') with pkg-config.
   * Have autopkgtests use pkg-config.

libnl3 (3.2.27-2) unstable; urgency=low
 .
   * Add upstream fix for CVE-2017-0553 (Closes: #859948)

magics++ (2.30.0-5) unstable; urgency=medium
 .
   * Add Breaks: libmagplus3. Thanks to Andreas Beckmann.
     Closes: #859915.

mypaint (1.2.0-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * d/p/Remove-references-to-BOGOSITY-cursor.patch,
     d/p/Fix-cherry-pick-stable-branch-has-pygtk-syntax.patch,
     d/p/hcywheel-Avoid-deprecated-gdk.Cursor-constructor.patch:
     Fix startup on Wayland systems (Closes: #859064)

osmose-emulator (1.0-4) unstable; urgency=medium
 .
   * Reversed debhelper compat for level 9

proftpd-dfsg (1.3.5b-4) unstable; urgency=medium
 .
   * Added patch CVE-2017-7418 to add recursive handling of DefaultRoot
     path. (closes: #859592)

r-bioc-genomeinfodb (1.10.3-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version
     - Update URL-s to work with reorganized NCBI data (Closes #859864)
   * Build-depend on r-cran-rcurl

tigervnc (1.7.0+dfsg-7) unstable; urgency=high
 .
   [ Joachim Falk ]
   * Fixed the following security vulnerabilities (Closes: #859259):
     - Fix SSecurityVeNCrypt.cxx; SSecurityVeNCrypt::SSecurityVeNCrypt.
       An unauthenticated client can cause a small memory leak in the
       server. (CVE-2017-7392)
     - Fix VNCSConnectionST.cxx VNCSConnectionST::fence.
       An authenticated client can cause a double free, leading to denial
       of service or potentially code execution. (CVE-2017-7393)
     - Fix SSecurityPlain.cxx SSecurityPlain::processMsg.
       An unauthenticated user can crash the server by sending long
       usernames. (CVE-2017-7394)
     - Fix SMsgReader.cxx SMsgReader::readClientCutText.
       An authenticated client can crash the server by causing an integer
       overflow. (CVE-2017-7395)
     - Fix CConnection.cxx CConnection::CConnection.
       An unauthenticated client can cause a small memory leak in the
       server. (CVE-2017-7396)
   * The tigervncserver wrapper script gives up and kills the server it
     just started if it doesn't have its VNC-TCP and X11-unix sockets up
     and running within a second. However, if a machine is a bit bogged
     down, this can prevent starting the server at all, for no good reason.
     Thus, the timeout has been increased to 30 seconds.
     (Closes: #859141)
   * Refreshed dependencies for Xtigervnc server build from
     xorg-server-1.19.2 used in stretch. (Closes: #858048)

vnstat (1.15-2) unstable; urgency=medium
 .
   * Fix Makefile install-data-hook dependency. (Closes: #859712)
     - Add install-ordering.diff, thanks to Adrian Bunk.

waagent (2.2.2-2) unstable; urgency=medium
 .
   * Make sure tests packages is not included.
   * Fix deprovision. (closes: #860019)