Updated Debian 7: 7.2 released
------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Updated Debian 7: 7.2 released press@debian.org
October 12th, 2013 http://www.debian.org/News/2013/20131012
------------------------------------------------------------------------
The Debian project is pleased to announce the second update of its
stable distribution Debian 7 (codename `wheezy'). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.
Please note that this update does not constitute a new version of
Debian 7 but only updates some of the packages included. There is no
need to throw away older `wheezy' CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.
Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.
New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
<http://www.debian.org/mirror/list>
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
Package Reason
adblock-plus Declare compatibility with more recent
Iceweasel versions
Don't override CFLAGS and LDFLAGS during
apr build. This fixes the debug information being
useless
atlas Add Breaks: octave3.2 to try and improve some
squeeze to wheezy upgrade paths
base-files Update version for point release
coherence Fix incompatibilities with newer Twisted
releases
cookie-monster Declare compatibility with newer iceweasel
versions
cups Dnssd backend: don't crash if avahi gives a
callback with no TXT record
curl Fix reporting of CURLINFO_CONDITION_UNMET
debian-edu Update from debian-edu-wheezy; remove chmsee
Recommends
debian-edu-artwork Update from debian-edu-wheezy
debian-edu-doc Update from debian-edu-wheezy
debian-edu-install Update from debian-edu-wheezy
devscripts Fix build-rdeps to work with Wheezy being
stable
dkimpy Fix Gmail signature verification failures due
to improper FWS regular expression
Fix performance issue by correctly caching
variables in Dpkg::Arch; fix chmod()
arguments order in Dpkg::Source::Quilt; only
dpkg ignore older packages if the existing version
is informative; fix user after free; fix
usage of non-existent _() function in
multiple places of the Perl code; add Italian
man-page translation
emboss-explorer Fix application menu when used with EMBOSS
6.4
Fix path to dpkg-divert; fix nfsroot package
fai list; lib/task_sysinfo: make sure device is a
valid block device before accessing it;
documentation updates
firecookie Declare compatibility with newer iceweasel
versions
firetray Restore compatibility with newer iceweasel
versions
Machine database is case-sensitive so ensure
flash-kernel that all instances of `Required-Packages' are
capitalized correctly
foxyproxy Declare compatibility with more recent
Mozilla software
freetds Make libiodbc Breaks versioned now that it
can load multiarch drivers
fwknop Fixed failure to send SPA packets due to
uninitialised variable
gajim Improve SSL/TLS handling; fix certificate
validation
ghostscript Fix endless loops related to unbalanced q/Q
operators
glusterfs Fix use of ext4 backend with linux>=
3.2.46-1+deb7u1
gnome-settings-daemon Stop installing security updates without
confirmation
Improve GC deadlock handling; make the
gnome-shell `disable-restart-buttons' option of gdm-shell
work
gosa Fix LDAP mass import
grub2 Fix booting FreeBSD>= 9.1 amd64 kernels
Switch to libmozjs185-dev as the package
gxine fails to build with newer versions of
libmozjs-dev
Fix ibus-setup breakage by setting all
ibus related packages to use --libexec=/usr/lib/
ibus
ibus-anthy Fix libexecdir; add python-glade2 to Depends
ibus-hangul Fix libexecdir
ibus-m17n Fix libexecdir
ibus-pinyin Fix libexecdir
ibus-skk Fix libexecdir
ibus-sunpinyin Fix libexecdir
ibus-xkbc Fix libexecdir
iceweasel Fix builds on several architectures
ifmetric Fix `NETLINK: Packet too small or truncated!'
error
intel-microcode Update microcode
iso-scan Fix full search entry when no ISOs are found
Switch to people.debian.org URL for
kfreebsd-downloader kernel.txz download; the old location no
longer works
krb5-auth-dialog Fix krb5_principal_compare crashes on NULL
arguments
lftp Fix `splits input script file after byte
4096'
libdatetime-timezone-perl New upstream release
libdigest-sha-perl Fix double-free when Digest::SHA object is
destroyed
libmodule-metadata-perl Don't claim not to execute code
libmodule-signature-perl CVE-2013-2145: Fixes arbitrary code execution
when verifying SIGNATURE
libquvi-scripts New upstream release
Fix libvirtd crash when destroying a domain
libvirt with attached console and race condition when
destroying guests; make sure qemu.conf isn't
world readable by default
Update to 3.2.51 / drm/agp 3.4.6; disable
linux SATA_INIC162X driver; improve efivars free
space check
lm-sensors Skip probing for EDID or graphics cards, as
it might cause hardware issues
lvm2 Fix udev rules to properly exclude special
devices and always call `udev sync'
mapserver Fix strict Content-Type matching; correctly
enable AGG support
Version libiodbc Breaks now that it can load
mdbtools multiarch drivers; fix SEGV in blob data
handling; fix double free SEGV in gmdb2
dissector
meta-gnome3 Demote xul-ext-adblock-plus to Suggests
moin Avoid creation of empty pagedir
Fix upstream copy of kpartx rules; call
multipath-tools PREREQS before calling scripts/functions;
don't plain exit if root is on multipath
device
Stop segfaulting when listing folders with
mutt new mails over imap; don't send saved
messages to trash
myodbc Version libiodbc Breaks now that it can load
multiarch drivers
netcfg Fix check for whether network-manager is
installed
Sanitise filenames to fix CVE-2013-4885
nmap (remote arbitrary file creation
vulnerability)
openvpn Fix regression with `multihome' option
Disable JavaScript support as newer versions
openvrml of Mozilla's JS engine are not supported by
openvrml
openvswitch Reset upper layer protocol info on internal
devices
Fix Digest::SHA double-free crash; fix issue
perl with shared references disappearing on sub
return; apply correctness patches from 5.14.4
Fix calculation of quorum length with low
perspectives-extension number of notaries and/or low quorum
percentage
Fix several issues relating to traits; don't
php5 reset mod_user_is_open in destroy to avoid an
annoying warning when using sessions
postgresql-common Handle wheezy point release versions
pyopencl Remove non-free file from examples
python-defaults Add symlink for /usr/bin/python2, used by
various non-distro scripts
Fix timeouts associated with only one of
python-dns several available nameservers being
unavailable
python-httplib2 Fix CVE-2013-2037; close connection on
certificate mismatch to avoid reuse
python-keystoneclient Fix CVE-2013-2013: OpenStack keystone
password disclosure on command line
redmine Fix ruby 1.9.1 support
rt-tests Fix hackbench on armhf
Prevent autostart of rygel by default; the
rygel default configuration file exposes files to
the LAN
sage-extension Fix compability with iceweasel 17; ensure
that links in the main window are clickable
samba Fix CVE-2013-4124: Denial of service - CPU
loop and memory allocation
shotwell Fix crash at startup
shutdown-at-night Stop client wake-up cron job complaining
about unpingable machines
sitesummary Fix robustness and kernel version parsing in
nagios plugin
Fix non-HTTPS logins; don't assume a `backup'
slbackup-php host exists in DNS; search for configuration
file in a package-specific folder
smbldap-tools Use correct name for net(8); fix qw() warning
stellarium Prevent segfault when OpenGL is not present
subversion Fix Python bindings when built against swig
2.0.5+
Correct the Breaks on bootchart to ensure
sysvinit that all broken versions are removed on
upgrade
Work around Facebook server behaviour change
telepathy-gabble with service discovery; initialize libdbus
for thread-safety; fix potential FTBFS in
highly-parallel builds
telepathy-idle Validate TLS certificates
tntnet Fix insecure default tntnet.conf
torrus Fix SNMPv1 maxrepetitions issues
trac New upstream stable release
ttytter Update to work with the Twitter 1.1 API
tzdata New upstream release
user-mode-linux Rebuild against linux 3.2.51-1
uwsgi Fix loading of nagios plugin
virtinst Don't specify absolute paths to xen tools;
virt-clone: properly set image type
Repack to remove src/generator/
wv2 generator_wword{6,8}.htm, which should have
been removed in earlier uploads
xinetd Fix CVE-2013-4342 making TCPMUX services
change the uid
xmonad-contrib Fix CVE-2013-1436
Security Updates
----------------
This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:
Advisory ID Package Correction(s)
DSA-2698 tiff Buffer overflow
DSA-2699 iceweasel Multiple issues
DSA-2700 wireshark Multiple issues
DSA-2701 krb5 Denial of service
DSA-2704 mesa Out of bounds access
DSA-2705 pymongo Denial of service
DSA-2706 chromium-browser Multiple issues
DSA-2707 dbus Denial of service
DSA-2708 fail2ban Denial of service
DSA-2709 wireshark Multiple issues
DSA-2710 xml-security-c Multiple issues
DSA-2712 otrs2 Privilege escalation
DSA-2713 curl Heap overflow
DSA-2714 kfreebsd-9 Programming error
DSA-2715 puppet Code execution
DSA-2716 iceweasel Multiple issues
DSA-2717 xml-security-c Heap overflow
DSA-2718 wordpress Multiple issues
DSA-2721 nginx Nginx security update
DSA-2723 php5 Heap corruption
DSA-2724 chromium-browser Multiple issues
DSA-2725 tomcat6 Multiple issues
DSA-2726 php-radius Buffer overflow
DSA-2728 bind9 Denial of service
DSA-2729 openafs Multiple issues
DSA-2730 gnupg Information leak
DSA-2731 libgcrypt11 Information leak
DSA-2732 chromium-browser Multiple issues
DSA-2733 otrs2 SQL injection
DSA-2734 wireshark Multiple issues
DSA-2735 iceweasel Multiple issues
DSA-2736 putty Multiple issues
DSA-2737 swift Multiple issues
DSA-2739 cacti Multiple issues
DSA-2740 python-django Regression
DSA-2741 chromium-browser Multiple issues
DSA-2742 php5 Interpretation conflict
DSA-2743 kfreebsd-9 Multiple issues
DSA-2744 tiff Multiple issues
DSA-2745 linux Multiple issues
DSA-2745 user-mode-linux Multiple issues
DSA-2747 cacti Multiple issues
DSA-2748 exactimage Denial of service
DSA-2750 imagemagick Buffer overflow
DSA-2751 libmodplug Multiple issues
DSA-2752 phpbb3 Too wide permissions
DSA-2753 mediawiki Cross-site request forgery token disclosure
DSA-2754 exactimage Denial of service
DSA-2755 python-django Directory traversal
DSA-2756 wireshark Multiple issues
DSA-2758 python-django Denial of service
DSA-2759 iceweasel Multiple issues
DSA-2760 chrony Multiple issues
DSA-2761 puppet Multiple issues
DSA-2763 pyopenssl Hostname check bypassing
DSA-2764 libvirt Programming error
DSA-2765 davfs2 Privilege escalation
DSA-2767 proftpd-dfsg Denial of service
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
Package Reason
chmsee Fails to build with Iceweasel 17
dactyl Incompatible with Iceweasel 17
edbrowse Incompatible with Iceweasel 17
jclicmoodle Requires missing moodle
pyxpcom Incompatible with Iceweasel 17
turpial Broken by Twitter changes
Debian Installer
----------------
The installer has been updated to add support for QNAP TS-12x, TS-22x
and TS-42x devices, to correctly detect whether network interfaces
should be managed via `NetworkManager' and to include the fixes
incorporated into stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
<http://ftp.debian.org/debian/dists/wheezy/ChangeLog>
The current stable distribution:
<http://ftp.debian.org/debian/dists/stable/>
Proposed updates to the stable distribution:
<http://ftp.debian.org/debian/dists/proposed-updates>
stable distribution information (release notes, errata etc.):
<http://www.debian.org/releases/stable/>
Security announcements and information:
<http://security.debian.org/>
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Reply to: