
Updated Debian 7: 7.2 released

The Debian Project                                http://www.debian.org/
Updated Debian 7: 7.2 released                          press@debian.org
October 12th, 2013              http://www.debian.org/News/2013/20131012

The Debian project is pleased to announce the second update of its
stable distribution Debian 7 (codename `wheezy'). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 7 but only updates some of the packages included. There is no
need to throw away older `wheezy' CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

         Package                             Reason
adblock-plus              Declare compatibility with more recent
                          Iceweasel versions
apr                       Don't override CFLAGS and LDFLAGS during
                          build. This fixes the debug information being
atlas                     Add Breaks: octave3.2 to try and improve some
                          squeeze to wheezy upgrade paths
base-files                Update version for point release
coherence                 Fix incompatibilities with newer Twisted
cookie-monster            Declare compatibility with newer iceweasel
cups                      Dnssd backend: don't crash if avahi gives a
                          callback with no TXT record
curl                      Fix reporting of CURLINFO_CONDITION_UNMET
debian-edu                Update from debian-edu-wheezy; remove chmsee
debian-edu-artwork        Update from debian-edu-wheezy
debian-edu-doc            Update from debian-edu-wheezy
debian-edu-install        Update from debian-edu-wheezy
devscripts                Fix build-rdeps to work with Wheezy being
dkimpy                    Fix Gmail signature verification failures due
                          to improper FWS regular expression
dpkg                      Fix performance issue by correctly caching
                          variables in Dpkg::Arch; fix chmod()
                          arguments order in Dpkg::Source::Quilt; only
                          ignore older packages if the existing version
                          is informative; fix use after free; fix
                          usage of non-existent _() function in
                          multiple places of the Perl code; add Italian
                          man-page translation
emboss-explorer           Fix application menu when used with EMBOSS
fai                       Fix path to dpkg-divert; fix nfsroot package
                          list; lib/task_sysinfo: make sure device is a
                          valid block device before accessing it;
                          documentation updates
firecookie                Declare compatibility with newer iceweasel
firetray                  Restore compatibility with newer iceweasel
flash-kernel              Machine database is case-sensitive so ensure
                          that all instances of `Required-Packages' are
                          capitalized correctly
foxyproxy                 Declare compatibility with more recent
                          Mozilla software
freetds                   Make libiodbc Breaks versioned now that it
                          can load multiarch drivers
fwknop                    Fixed failure to send SPA packets due to
                          uninitialised variable
gajim                     Improve SSL/TLS handling; fix certificate
ghostscript               Fix endless loops related to unbalanced q/Q
glusterfs                 Fix use of ext4 backend with linux>=
gnome-settings-daemon     Stop installing security updates without
gnome-shell               Improve GC deadlock handling; make the
                          `disable-restart-buttons' option of gdm-shell
gosa                      Fix LDAP mass import
grub2                     Fix booting FreeBSD >= 9.1 amd64 kernels
gxine                     Switch to libmozjs185-dev as the package
                          fails to build with newer versions of
ibus                      Fix ibus-setup breakage by setting all
                          related packages to use --libexec=/usr/lib/
ibus-anthy                Fix libexecdir; add python-glade2 to Depends
ibus-hangul               Fix libexecdir
ibus-m17n                 Fix libexecdir
ibus-pinyin               Fix libexecdir
ibus-skk                  Fix libexecdir
ibus-sunpinyin            Fix libexecdir
ibus-xkbc                 Fix libexecdir
iceweasel                 Fix builds on several architectures
ifmetric                  Fix `NETLINK: Packet too small or truncated!'
intel-microcode           Update microcode
iso-scan                  Fix full search entry when no ISOs are found
kfreebsd-downloader       Switch to people.debian.org URL for
                          kernel.txz download; the old location no
                          longer works
krb5-auth-dialog          Fix krb5_principal_compare crashes on NULL
lftp                      Fix `splits input script file after byte
libdatetime-timezone-perl New upstream release
libdigest-sha-perl        Fix double-free when Digest::SHA object is
libmodule-metadata-perl   Don't claim not to execute code
libmodule-signature-perl  CVE-2013-2145: Fixes arbitrary code execution
                          when verifying SIGNATURE
libquvi-scripts           New upstream release
libvirt                   Fix libvirtd crash when destroying a domain
                          with attached console and race condition when
                          destroying guests; make sure qemu.conf isn't
                          world readable by default
linux                     Update to 3.2.51 / drm/agp 3.4.6; disable
                          SATA_INIC162X driver; improve efivars free
                          space check
lm-sensors                Skip probing for EDID or graphics cards, as
                          it might cause hardware issues
lvm2                      Fix udev rules to properly exclude special
                          devices and always call `udev sync'
mapserver                 Fix strict Content-Type matching; correctly
                          enable AGG support
mdbtools                  Version libiodbc Breaks now that it can load
                          multiarch drivers; fix SEGV in blob data
                          handling; fix double free SEGV in gmdb2
meta-gnome3               Demote xul-ext-adblock-plus to Suggests
moin                      Avoid creation of empty pagedir
multipath-tools           Fix upstream copy of kpartx rules; call
                          PREREQS before calling scripts/functions;
                          don't plain exit if root is on multipath
mutt                      Stop segfaulting when listing folders with
                          new mails over imap; don't send saved
                          messages to trash
myodbc                    Version libiodbc Breaks now that it can load
                          multiarch drivers
netcfg                    Fix check for whether network-manager is
nmap                      Sanitise filenames to fix CVE-2013-4885
                          (remote arbitrary file creation
openvpn                   Fix regression with `multihome' option
openvrml                  Disable JavaScript support as newer versions
                          of Mozilla's JS engine are not supported by
openvswitch               Reset upper layer protocol info on internal
perl                      Fix Digest::SHA double-free crash; fix issue
                          with shared references disappearing on sub
                          return; apply correctness patches from 5.14.4
perspectives-extension    Fix calculation of quorum length with low
                          number of notaries and/or low quorum
php5                      Fix several issues relating to traits; don't
                          reset mod_user_is_open in destroy to avoid an
                          annoying warning when using sessions
postgresql-common         Handle wheezy point release versions
pyopencl                  Remove non-free file from examples
python-defaults           Add symlink for /usr/bin/python2, used by
                          various non-distro scripts
python-dns                Fix timeouts associated with only one of
                          several available nameservers being
python-httplib2           Fix CVE-2013-2037; close connection on
                          certificate mismatch to avoid reuse
python-keystoneclient     Fix CVE-2013-2013: OpenStack keystone
                          password disclosure on command line
redmine                   Fix ruby 1.9.1 support
rt-tests                  Fix hackbench on armhf
rygel                     Prevent autostart of rygel by default; the
                          default configuration file exposes files to
                          the LAN
sage-extension            Fix compatibility with iceweasel 17; ensure
                          that links in the main window are clickable
samba                     Fix CVE-2013-4124: Denial of service - CPU
                          loop and memory allocation
shotwell                  Fix crash at startup
shutdown-at-night         Stop client wake-up cron job complaining
                          about unpingable machines
sitesummary               Fix robustness and kernel version parsing in
                          nagios plugin
slbackup-php              Fix non-HTTPS logins; don't assume a `backup'
                          host exists in DNS; search for configuration
                          file in a package-specific folder
smbldap-tools             Use correct name for net(8); fix qw() warning
stellarium                Prevent segfault when OpenGL is not present
subversion                Fix Python bindings when built against swig
sysvinit                  Correct the Breaks on bootchart to ensure
                          that all broken versions are removed on
telepathy-gabble          Work around Facebook server behaviour change
                          with service discovery; initialize libdbus
                          for thread-safety; fix potential FTBFS in
                          highly-parallel builds
telepathy-idle            Validate TLS certificates
tntnet                    Fix insecure default tntnet.conf
torrus                    Fix SNMPv1 maxrepetitions issues
trac                      New upstream stable release
ttytter                   Update to work with the Twitter 1.1 API
tzdata                    New upstream release
user-mode-linux           Rebuild against linux 3.2.51-1
uwsgi                     Fix loading of nagios plugin
virtinst                  Don't specify absolute paths to xen tools;
                          virt-clone: properly set image type
wv2                       Repack to remove src/generator/
                          generator_wword{6,8}.htm, which should have
                          been removed in earlier uploads
xinetd                    Fix CVE-2013-4342 making TCPMUX services
                          change the uid
xmonad-contrib            Fix CVE-2013-1436

Security Updates

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID     Package                    Correction(s)
 DSA-2698         tiff       Buffer overflow
 DSA-2699      iceweasel     Multiple issues
 DSA-2700      wireshark     Multiple issues
 DSA-2701         krb5       Denial of service
 DSA-2704         mesa       Out of bounds access
 DSA-2705       pymongo      Denial of service
 DSA-2706   chromium-browser Multiple issues
 DSA-2707         dbus       Denial of service
 DSA-2708       fail2ban     Denial of service
 DSA-2709      wireshark     Multiple issues
 DSA-2710    xml-security-c  Multiple issues
 DSA-2712        otrs2       Privilege escalation
 DSA-2713         curl       Heap overflow
 DSA-2714      kfreebsd-9    Programming error
 DSA-2715        puppet      Code execution
 DSA-2716      iceweasel     Multiple issues
 DSA-2717    xml-security-c  Heap overflow
 DSA-2718      wordpress     Multiple issues
 DSA-2721        nginx       Nginx security update
 DSA-2723         php5       Heap corruption
 DSA-2724   chromium-browser Multiple issues
 DSA-2725       tomcat6      Multiple issues
 DSA-2726      php-radius    Buffer overflow
 DSA-2728        bind9       Denial of service
 DSA-2729       openafs      Multiple issues
 DSA-2730        gnupg       Information leak
 DSA-2731     libgcrypt11    Information leak
 DSA-2732   chromium-browser Multiple issues
 DSA-2733        otrs2       SQL injection
 DSA-2734      wireshark     Multiple issues
 DSA-2735      iceweasel     Multiple issues
 DSA-2736        putty       Multiple issues
 DSA-2737        swift       Multiple issues
 DSA-2739        cacti       Multiple issues
 DSA-2740    python-django   Regression
 DSA-2741   chromium-browser Multiple issues
 DSA-2742         php5       Interpretation conflict
 DSA-2743      kfreebsd-9    Multiple issues
 DSA-2744         tiff       Multiple issues
 DSA-2745        linux       Multiple issues
 DSA-2745   user-mode-linux  Multiple issues
 DSA-2747        cacti       Multiple issues
 DSA-2748      exactimage    Denial of service
 DSA-2750     imagemagick    Buffer overflow
 DSA-2751      libmodplug    Multiple issues
 DSA-2752        phpbb3      Too wide permissions
 DSA-2753      mediawiki     Cross-site request forgery token disclosure
 DSA-2754      exactimage    Denial of service
 DSA-2755    python-django   Directory traversal
 DSA-2756      wireshark     Multiple issues
 DSA-2758    python-django   Denial of service
 DSA-2759      iceweasel     Multiple issues
 DSA-2760        chrony      Multiple issues
 DSA-2761        puppet      Multiple issues
 DSA-2763      pyopenssl     Hostname check bypassing
 DSA-2764       libvirt      Programming error
 DSA-2765        davfs2      Privilege escalation
 DSA-2767     proftpd-dfsg   Denial of service

Removed packages

The following packages were removed due to circumstances beyond our

  Package                Reason
chmsee      Fails to build with Iceweasel 17
dactyl      Incompatible with Iceweasel 17
edbrowse    Incompatible with Iceweasel 17
jclicmoodle Requires missing moodle
pyxpcom     Incompatible with Iceweasel 17
turpial     Broken by Twitter changes

Debian Installer

The installer has been updated to add support for QNAP TS-12x, TS-22x
and TS-42x devices, to correctly detect whether network interfaces
should be managed via `NetworkManager' and to include the fixes
incorporated into stable by the point release.


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information

For further information, please visit the Debian web pages at 
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
