apparmor (2.11.0-3) unstable; urgency=medium . * Fix CVE-2017-6507: don't unload unknown profiles during package configuration or when restarting the apparmor init script, upstart job, or systemd unit as this could leave processes unconfined (Closes: #858768). Changes cherry-picked from Ubuntu's 2.11.0-2ubuntu3: - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart: Remove calls to unload_obsolete_profiles() - debian/patches/utils-add-aa-remove-unknown.patch, debian/apparmor.install debian/apparmor.manpages: Include a new utility, aa-remove-unknown, which can be used to unload unknown profiles. Based on an upstream patch but adjusted to source the /lib/apparmor/functions shipped in Debian/Ubuntu. blacs-mpi (1.1-38) unstable; urgency=medium . * /usr/lib/openmpi path in debian/blacs-mpi-implementations.patch was replaced with the correct triplet path. Thanks to Gilles Filippini for providing a patch (Closes: #848813) canl-c (2.1.8-1) unstable; urgency=medium . * Update to version 2.1.8 cvs (2:1.12.13+real-22) unstable; urgency=low . * cvs init: Change default history logging configuration to only log write operations by adding “LogHistory=TMAR” * Testsuite: Alter to cope with this explicit option * cvs init: Rely on CVSUMASK for history and val-tags files in newly created repositories (Closes: #858769) * Add a NEWS.Debian entry verbosely documenting this change dmraid (1.0.0.rc16-8) unstable; urgency=medium . * Fix library dev symlink (closes: 856946). * Update paths in copyright. dsdp (5.8-9.4) unstable; urgency=medium . * Non-maintainer upload. * Revert previous patches in 5.8-9.2 and 5.8-9.3, they are completely wrong and end up causing *flags to always be 0 on 64-bit big-endian systems. * Use correct integer type for Fortran prototypes and variables (Closes: #857067) dsdp (5.8-9.3) unstable; urgency=medium . * Non-maintainer upload. * Initialize all INFO vars. Closes: #857067 * Revert unneeded changes in d/rules dsdp (5.8-9.2) unstable; urgency=medium . * Non-maintainer upload. . [ Matthias Klose ] * Build using -O2 on s390x. . [ Dimitri John Ledkov ] * Cast INFO to int before storing it in the flag. LP: #1543982. Closes: #857067 gcc-6 (6.3.0-11) unstable; urgency=medium . * Fix PR target/78543 (PPC), taken from the gcc-6-branch. Closes: #856809. ghostscript (9.20~dfsg-3) unstable; urgency=medium . * Fix NULL pointer dereference in mem_get_bits_rectangle(). Closes: Bug#697676 (CVE-2017-7207). Thanks to Salvatore Bonaccorso. ginga (2.6.1-2) unstable; urgency=medium . * Remove python-webkit from Recommends. Closes: #858948 glib2.0 (2.50.3-2) unstable; urgency=medium . * debian/patches/tests-gdatetime-Use-a-real-rather-than-invented-time.patch: Cherry-pick a patch from upstream to fix GDateTime tests when tzdata ≥ 2017a is in use. (Closes: #858214) gnome-terminal (3.22.2-1) unstable; urgency=medium . * New upstream release. hyperscan (4.4.1-1) unstable; urgency=medium . * Fix overlong changelog line to please lintian * Remove explicit FAT_RUNTIME cmake directive * New upstream version 4.4.1 iptraf-ng (1:1.1.4-6) unstable; urgency=medium . * Bump epoch to make it upgradable from iptraf. iptraf-ng (1.1.4-5) unstable; urgency=medium . * Add transitional dummy package iptraf kde-cli-tools (4:5.8.4-2) unstable; urgency=medium . * Add libkf5su-bin hard dependency. Thanks to Martin Graesslin for reporting (Closes: 807402) libxslt (1.1.29-2.1) unstable; urgency=high . * Non-maintainer upload. * Check for integer overflow in xsltAddTextString (CVE-2017-5029) (Closes: #858546) openpyxl (2.3.0-3) unstable; urgency=medium . * Do not resolve entities with lxml to avoid XXE vulnerability - patch up_no_lxml (Closes: #854442) parallax (1.0.1-3) unstable; urgency=medium . * Add openssh-client depends (Closes: #854722) pcre3 (2:8.39-3) unstable; urgency=high . * CVE-2017-7186: invalid Unicode property lookup may cause denial of service (Closes: #858238) pygoocanvas (0.14.1-1.2) unstable; urgency=medium . * Non-maintainer upload. * Make the build reproducible. (Closes: #828222) * Add docbook-xml to Build-Depends. (Closes: #628813) * Re-add demo files; dropped due to changes in 0.10.0-2 NMU not incorporated. (Closes: #450577) * Update URL in debian/copyright. (Closes: #693270) * Update Vcs-{Git,Browser} to use secure URLs. * Be explicit about using "1.0" source format. python-qtpy (1.2.1-2) unstable; urgency=medium . * Run autopkgtests for all supported Python versions * Temporarily disable testing at package build time - Drop b-deps required for testing - Disable testing stage in pybuild - Drop use of dh_auto_test override Thanks to Santiago Vila for investigating (Closes: #854496) socket-wrapper (1.1.7-2) unstable; urgency=medium . * Tighten CMocka build dependency (closes: #858885). vala (0.34.7-1) unstable; urgency=medium . * New upstream version 0.34.7 win32-loader (0.8.2) unstable; urgency=medium . * The « Iao » release . * Fix dpkg-query calls to use source:* for Version and Package directly - Add Build-Dependency on dpkg (>= 1.16.2) for that support - Fixes the FTBFS revealed by loadlin's binNMU (Closes: #858104) xfonts-wqy (1.0.0~rc1-6) unstable; urgency=medium . * Remove configure files correctly when purge (Closes: #858959).