Draft announcement for 7.3
Hi,
Please find attached a draft announcement for Saturday's wheezy point
release (7.3).
Regards,
Adam
<define-tag pagetitle>Updated Debian 7: 7.3 released</define-tag>
<define-tag release_date>2013-12-14</define-tag>
#use wml::debian::news
# $Id:
<define-tag release>7</define-tag>
<define-tag codename>wheezy</define-tag>
<define-tag revision>7.3</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="http://packages.debian.org/src:%s";>%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="http://packages.debian.org/src:%0";>%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="http://packages.debian.org/src:%0";>%0</a></define-tag>
<p>The Debian project is pleased to announce the third update of its
stable distribution Debian <release> (codename <q><codename></q>).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.</p>
<p>Please note that this update does not constitute a new version of Debian
<release> but only updates some of the packages included. There is
no need to throw away old <q><codename></q> CDs or DVDs but only to update
via an up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.</p>
<p>Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.</p>
<p>New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.</p>
<p>Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:</p>
<div class="center">
<a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>
</div>
<h2>Miscellaneous Bugfixes</h2>
<p>This stable update adds a few important corrections to the following
packages:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction apt "Fix handling of :any in single-arch systems and processing of .debs over 2GB in size">
<correction apt-listbugs "Insecure use of temporary files">
<correction base-files "Update for point release">
<correction bootchart "Fix upgrade path from machines which had lenny's bootchart installed">
<correction darktable "Fix CVE-2013-1438; fix CVE-2013-1439">
<correction distro-info-data "Add Ubuntu 14.04, Trusty Tahr">
<correction expat "Do not ship pkgconfig files">
<correction fcitx-cloudpinyin "Use Google by default, to replace no longer available previous default">
<correction firebird2.5 "Final 2.5.2 release, bug fixes">
<correction gnome-settings-daemon "Remove no longer required patch which makes syndaemon almost useless">
<correction gtk+3.0 "Load the file icon via a data: URI, to work with librsvg's new origin policy">
<correction iftop "Fix memory leak">
<correction intel-microcode "New upstream update">
<correction kfreebsd-9 "Disable 101_nullfs_vsock.diff">
<correction libdatetime-timezone-perl "New upstream version">
<correction libguestfs "Fix CVE-2013-4419: insecure temporary directory handling for remote guestfish">
<correction libnet-server-perl "Fix use of uninitialized value in pattern match">
<correction libnet-smtp-tls-butmaintained-perl "Fix misuse of IO::Socket::SSL in the SSL_version argument">
<correction librsvg "Fix CVE-2013-1881: disable loading of external entities">
<correction lua-sql "Restore multiarch co-installability">
<correction meep-lam4 "Move /usr/include/meep-lam4 to /usr/include/meep; fixes building against the -dev package">
<correction meep-mpi-default "Move /usr/include/meep-mpi-default to /usr/include/meep; fixes building against the -dev package">
<correction meep-mpich2 "Move /usr/include/meep-mpich2 to /usr/include/meep; fixes building against the -dev package">
<correction meep-openmpi "Move /usr/include/meep-openmpi to /usr/include/meep; fixes building against the -dev package">
<correction multipath-tools "Restore <q>dmsetup export</q> workaround, lost in previous upload">
<correction nagios3 "Stop status.cgi listing unauthorised hosts and services, miscellaneous bug fixes">
<correction nsd3 "Add $network to Required-Start">
<correction openttd "Fix CVE-2013-6411 (DoS)">
<correction postgresql-8.4 "New upstream micro-release">
<correction postgresql-9.1 "New upstream micro-release">
<correction rtkit "Fix access restriction bypass via polkit race condition">
<correction ruby-passenger "Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage">
<correction scikit-learn "Move joblib to Depends from Recommends">
<correction smplayer "Don't append -fontconfig to the command line options for Mplayer2 to prevent crash at startup">
<correction starpu "Remove non-free example material">
<correction starpu-contrib "Remove non-free example material">
<correction tzdata "New upstream release">
<correction usemod-wiki "Update hardcoded cookie expiration date from 2013 to 2025">
<correction xfce4-weather-plugin "Update weather.com API URI">
</table>
<h2>Security Updates</h2>
<p>This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:</p>
<table border=0>
<tr><th>Advisory ID</th> <th>Package</th> <th>Correction(s)</th></tr>
<dsa 2013 2738 ruby1.9.1 "Multiple issues">
<dsa 2013 2769 kfreebsd-9 "Multiple issues">
<dsa 2013 2770 torque "Authentication bypass">
<dsa 2013 2771 nas "Multiple issues">
<dsa 2013 2772 typo3-src "Cross-site scripting">
<dsa 2013 2773 gnupg "Multiple issues">
<dsa 2013 2774 gnupg2 "Multiple issues">
<dsa 2013 2775 ejabberd "Insecure SSL usage">
<dsa 2013 2777 systemd "Multiple issues">
<dsa 2013 2778 libapache2-mod-fcgid "Heap-based buffer overflow">
<dsa 2013 2779 libxml2 "Denial of service">
<dsa 2013 2781 python-crypto "PRNG not correctly reseeded in some situations">
<dsa 2013 2782 polarssl "Multiple issues">
<dsa 2013 2784 xorg-server "Use-after-free">
<dsa 2013 2785 chromium-browser "Multiple issues">
<dsa 2013 2786 icu "Multiple issues">
<dsa 2013 2787 roundcube "Design error">
<dsa 2013 2788 iceweasel "Multiple issues">
<dsa 2013 2789 strongswan "Denial of service and authorization bypass">
<dsa 2013 2790 nss "Uninitialized memory read">
<dsa 2013 2791 tryton-client "Missing input sanitization">
<dsa 2013 2792 wireshark "Multiple issues">
<dsa 2013 2794 spip "Multiple issues">
<dsa 2013 2795 lighttpd "Multiple issues">
<dsa 2013 2796 torque "Arbitrary code execution">
<dsa 2013 2798 curl "Unchecked ssl certificate host name">
<dsa 2013 2799 chromium-browser "Multiple issues">
<dsa 2013 2800 nss "Buffer overflow">
<dsa 2013 2801 libhttp-body-perl "Design error">
<dsa 2013 2802 nginx "Restriction bypass">
<dsa 2013 2803 quagga "Multiple issues">
<dsa 2013 2804 drupal7 "Multiple issues">
<dsa 2013 2805 sup-mail "Remote command injection">
<dsa 2013 2806 nbd "Privilege escalation">
<dsa 2013 2807 links2 "Integer overflow">
<dsa 2013 2808 openjpeg "Multiple issues">
<dsa 2013 2809 ruby1.8 "Multiple issues">
<dsa 2013 2810 ruby1.9.1 "Heap overflow">
<dsa 2013 2811 chromium-browser "Multiple issues">
</table>
<h2>Removed packages</h2>
<p>The following packages were removed due to circumstances beyond our
control:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction linky "License problems">
<correction iceweasel-linky "License problems">
</table>
<h2>Debian Installer</h2>
The installer has been rebuilt to include the fixes incorporated into
stable by the point release.
<h2>URLs</h2>
<p>The complete lists of packages that have changed with this
revision:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>The current stable distribution:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/";>
</div>
<p>Proposed updates to the stable distribution:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates";>
</div>
<p>stable distribution information (release notes, errata etc.):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">http://www.debian.org/releases/stable/</a>
</div>
<p>Security announcements and information:</p>
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
<h2>About Debian</h2>
<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.</p>
<h2>Contact Information</h2>
<p>For further information, please visit the Debian web pages at <a
href="$(HOME)/">http://www.debian.org/</a>, send mail to
<press@debian.org>, or contact the stable release team at
<debian-release@lists.debian.org>.</p>
Reply to: