From 0a388832cb4a7e9dfe1265fa04d1c441e9730e23 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 14 Feb 2019 15:07:09 +0000
Subject: 8.11.0 -> 8.11.1

This update only includes the LTS architectures, so drop the others.
---
 english/releases/jessie/release.data | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/english/releases/jessie/release.data b/english/releases/jessie/release.data
index 472f39e1a9b..b96880bffec 100644
--- a/english/releases/jessie/release.data
+++ b/english/releases/jessie/release.data
@@ -5,11 +5,11 @@
 	amd64,
 	i386,
 	armel,
-	powerpc,
+#	powerpc,
 	armhf,
 #	sparc,
 #	'kfreebsd-amd64',
-	mipsel,
+#	mipsel,
 #	'kfreebsd-i386',
 #	arm,
 #	ia64,
@@ -20,10 +20,10 @@
 #	sh4,
 #	m68k,
 #	sh4,
-	mips,
-	s390x,
-	arm64,
-	ppc64el,
+#	mips,
+#	s390x,
+#	arm64,
+#	ppc64el,
 #	ppc64,
 );
 
@@ -98,15 +98,15 @@
 ### Next line should be changed to 'wml::debian::installer' when
 ### preparing for next stable release; don't forget the Makefile!
 #use wml::debian::installer
-<define-tag jessie-images-url>https://cdimage.debian.org/cdimage/archive/8.11.0</define-tag>
-<define-tag jessie-cd-release-filename>8.11.0</define-tag>
+<define-tag jessie-images-url>https://cdimage.debian.org/cdimage/archive/8.11.1</define-tag>
+<define-tag jessie-cd-release-filename>8.11.1</define-tag>
 
 <define-tag netinst-images>
-<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="<strip-arches "<jessie-images-arches />" "s390 source" />" />
+<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="<strip-arches "<jessie-images-arches />" "source" />" />
 </define-tag>
 
 <define-tag businesscard-images>
-<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-businesscard.iso" arch="<strip-arches "<jessie-images-arches />" "s390 source" />" />
+<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-businesscard.iso" arch="<strip-arches "<jessie-images-arches />" "source" />" />
 </define-tag>
 
 <define-tag full-cd-images>
@@ -144,5 +144,5 @@
 </define-tag>
 
 <define-tag small-non-free-cd-images>
-<images-list url="https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/archive/<jessie-cd-release-filename/>+nonfree/@ARCH@/iso-cd/firmware-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="amd64 i386 powerpc" />
+<images-list url="https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/archive/<jessie-cd-release-filename/>+nonfree/@ARCH@/iso-cd/firmware-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="amd64 i386" />
 </define-tag>
-- 
cgit v1.2.3


From c4da598be91aaeba098bf112270ab920ef3f6977 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 14 Feb 2019 15:24:06 +0000
Subject: Add CVE-2019-3462 to errata for jessie installer

---
 english/releases/jessie/debian-installer/index.wml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/english/releases/jessie/debian-installer/index.wml b/english/releases/jessie/debian-installer/index.wml
index e6d420f9cce..17dd608ec8a 100644
--- a/english/releases/jessie/debian-installer/index.wml
+++ b/english/releases/jessie/debian-installer/index.wml
@@ -174,6 +174,19 @@ for other known problems.
      <br /> - Run <code>apt-get upgrade --with-new-pkgs</code>
      <br /> - Reboot to complete the upgrade.
      </dd>
+     
+     <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+     
+     <dd>A bug in the APT HTTP transport method
+     (<a href="https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html">CVE-2019-3462</a>)
+     could be exploited by an attacker located as a man-in-the-middle between APT
+     and a mirror to cause the installation of additional, malicious, packages.
+     
+     <br /> This can be mitigated by disabling use of the network during
+     initial installation and then upgrading following the instructions in
+     <a href="$(HOME)/lts/security/2019/dla-1637">DLA-1637</a>.
+     
+     <br /> <b>Status:</b> This has been fixed in 8.11.1</dd>
 </dl>
 
 <h3 id="errata-r0">Errata for release 8.0</h3>
-- 
cgit v1.2.3


From 0bfae46d639f53c0208f2894b547bd6a1e0895cf Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 14 Feb 2019 15:29:45 +0000
Subject: Add CVE-2019-3462 to errata for stretch installer

---
 english/releases/stretch/debian-installer/index.wml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/english/releases/stretch/debian-installer/index.wml b/english/releases/stretch/debian-installer/index.wml
index 99ff79c49e3..c56dd9d5c01 100644
--- a/english/releases/stretch/debian-installer/index.wml
+++ b/english/releases/stretch/debian-installer/index.wml
@@ -179,6 +179,20 @@ for other known problems.
      <br /> <b>Status:</b> It is unlikely more efforts can be made to
      fit more packages on CD#1. </dd>
 -->
+
+     <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+
+     <dd>A bug in the APT HTTP transport method
+     (<a href="https://www.debian.org/security/2019/dsa-4371">CVE-2019-3462</a>)
+     could be exploited by an attacker located as a man-in-the-middle between APT
+     and a mirror to cause the installation of additional, malicious, packages.
+
+     <br /> This can be mitigated by disabling use of the network during
+     initial installation and then upgrading following the instructions in
+     <a href="$(HOME)/security/2019/dsa-4371">DSA-4371</a>.
+
+     <br /> <b>Status:</b> This has been fixed in 9.7</dd>
+
 </dl>
 
 <p>
-- 
cgit v1.2.3