
Updated Debian 7: 7.3 released



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 7: 7.3 released                          press@debian.org
December 14th, 2013             http://www.debian.org/News/2013/20131214
------------------------------------------------------------------------

The Debian project is pleased to announce the third update of its
stable distribution Debian 7 (codename `wheezy'). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 7 but only updates some of the packages included. There is no
need to throw away old `wheezy' CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

	http://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

             Package                              Reason
apt                                Fix handling of :any in single-arch
                                   systems and processing of .debs over
                                   2GB in size
apt-listbugs                       Insecure use of temporary files
base-files                         Update for point release
bootchart                          Fix upgrade path from machines which
                                   had lenny's bootchart installed
darktable                          Fix CVE-2013-1438; fix CVE-2013-1439
distro-info-data                   Add Ubuntu 14.04, Trusty Tahr
expat                              Do not ship pkgconfig files
fcitx-cloudpinyin                  Use Google by default, to replace no
                                   longer available previous default
firebird2.5                        Final 2.5.2 release, bug fixes
gnome-settings-daemon              Remove no longer required patch
                                   which makes syndaemon almost useless
gtk+3.0                            Load the file icon via a data: URI,
                                   to work with librsvg's new origin
                                   policy
iftop                              Fix memory leak
intel-microcode                    New upstream update
kfreebsd-9                         Disable 101_nullfs_vsock.diff
libdatetime-timezone-perl          New upstream version
libguestfs                         Fix CVE-2013-4419: insecure
                                   temporary directory handling for
                                   remote guestfish
libnet-server-perl                 Fix use of uninitialized value in
                                   pattern match
libnet-smtp-tls-butmaintained-perl Fix misuse of IO::Socket::SSL in the
                                   SSL_version argument
librsvg                            Fix CVE-2013-1881: disable loading
                                   of external entities
lua-sql                            Restore multiarch co-installability
meep-lam4                          Move /usr/include/meep-lam4 to /usr/
                                   include/meep; fixes building against
                                   the -dev package
meep-mpi-default                   Move /usr/include/meep-mpi-default
                                   to /usr/include/meep; fixes building
                                   against the -dev package
meep-mpich2                        Move /usr/include/meep-mpich2 to /
                                   usr/include/meep; fixes building
                                   against the -dev package
meep-openmpi                       Move /usr/include/meep-openmpi to /
                                   usr/include/meep; fixes building
                                   against the -dev package
multipath-tools                    Restore `dmsetup export' workaround,
                                   lost in previous upload
nagios3                            Stop status.cgi listing unauthorised
                                   hosts and services, miscellaneous
                                   bug fixes
nsd3                               Add $network to Required-Start
openttd                            Fix CVE-2013-6411 (DoS)
postgresql-8.4                     New upstream micro-release
postgresql-9.1                     New upstream micro-release
rtkit                              Fix access restriction bypass via
                                   polkit race condition
ruby-passenger                     Fix CVE-2013-2119 and CVE-2013-4136:
                                   insecure tmp files usage
scikit-learn                       Move joblib from Recommends to
                                   Depends
smplayer                           Don't append -fontconfig to the
                                   command line options for Mplayer2 to
                                   prevent crash at startup
starpu                             Remove non-free example material
starpu-contrib                     Remove non-free example material
tzdata                             New upstream release
usemod-wiki                        Update hardcoded cookie expiration
                                   date from 2013 to 2025
xfce4-weather-plugin               Update weather.com API URI

Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID     Package        Correction(s)
DSA-2738       ruby1.9.1       Multiple issues
DSA-2769       kfreebsd-9      Multiple issues
DSA-2770         torque        Authentication bypass
DSA-2771          nas          Multiple issues
DSA-2772       typo3-src       Cross-site scripting
DSA-2773         gnupg         Multiple issues
DSA-2774         gnupg2        Multiple issues
DSA-2775        ejabberd       Insecure SSL usage
DSA-2777        systemd        Multiple issues
DSA-2778  libapache2-mod-fcgid Heap-based buffer overflow
DSA-2779        libxml2        Denial of service
DSA-2781     python-crypto     PRNG not correctly reseeded in some
                               situations
DSA-2782        polarssl       Multiple issues
DSA-2784      xorg-server      Use-after-free
DSA-2785    chromium-browser   Multiple issues
DSA-2786          icu          Multiple issues
DSA-2787       roundcube       Design error
DSA-2788       iceweasel       Multiple issues
DSA-2789       strongswan      Denial of service and authorization
                               bypass
DSA-2790          nss          Uninitialized memory read
DSA-2791     tryton-client     Missing input sanitization
DSA-2792       wireshark       Multiple issues
DSA-2794          spip         Multiple issues
DSA-2795        lighttpd       Multiple issues
DSA-2796         torque        Arbitrary code execution
DSA-2798          curl         Unchecked SSL certificate host name
DSA-2799    chromium-browser   Multiple issues
DSA-2800          nss          Buffer overflow
DSA-2801   libhttp-body-perl   Design error
DSA-2802         nginx         Restriction bypass
DSA-2803         quagga        Multiple issues
DSA-2804        drupal7        Multiple issues
DSA-2805        sup-mail       Remote command injection
DSA-2806          nbd          Privilege escalation
DSA-2807         links2        Integer overflow
DSA-2808        openjpeg       Multiple issues
DSA-2809        ruby1.8        Multiple issues
DSA-2810       ruby1.9.1       Heap overflow
DSA-2811    chromium-browser   Multiple issues

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

    Package          Reason
linky           License problems
iceweasel-linky License problems

Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

URLs
----

The complete lists of packages that have changed with this revision:

	http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current stable distribution:

	http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

	http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

	http://www.debian.org/releases/stable/

Security announcements and information:

	http://security.debian.org/

About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

