------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 7: 7.6 released                          press@debian.org
July 12th, 2014                 http://www.debian.org/News/2014/20140712
------------------------------------------------------------------------

The Debian project is pleased to announce the sixth update of its stable
distribution Debian 7 (codename "wheezy"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

  http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------------+-----------------------------------------+
| Package                        | Reason                                  |
+--------------------------------+-----------------------------------------+
| apache2                        | Support ECC keys and ECDH ciphers;      |
|                                | mod_proxy: fix crashes under load;      |
|                                | mod_dav: fix potential DoS              |
|                                | [CVE-2013-6438]; mod_log_config: fix    |
|                                | cookie logging                          |
| apt-cacher-ng                  | Fix cross-site scripting via 403        |
|                                | responses [CVE-2014-4510]               |
| automake1.9-nonfree            | Add empty prerm to ensure a clean       |
|                                | upgrade path in case of install-info    |
|                                | removal                                 |
| base-files                     | Update for the point release            |
| catfish                        | Fix regression from previous security   |
|                                | update                                  |
| clamav                         | New upstream release; fix a crash while |
|                                | using clamscan                          |
| cmus                           | Fix build failure related to the        |
|                                | libmodplug upgrade in DSA 2751          |
| cups                           | Fix XSS in the CUPS web interface; fix  |
|                                | syntax errors in Hungarian templates    |
| cyrus-imapd-2.4                | Fix missing GUID for binary appends;    |
|                                | fix broken nntpd                        |
| dbus                           | Fix denial of service [CVE-2014-3477]   |
| duo-unix                       | Update upstream HTTPS certificates;     |
|                                | improve support for SHA2 in HTTPS       |
| eglibc                         | Fix issues which could break dynamic    |
|                                | linker on biarch systems; fix           |
|                                | regression in IPv6 name resolution; fix |
|                                | February month name in de_AT locale;    |
|                                | fix backtrace() on mips; fix            |
|                                | nl_langinfo() when used in static       |
|                                | binaries                                |
| elib                           | Rebuild with current debhelper          |
| firebug                        | Take over xul-ext-firecookie, as        |
|                                | firebug now provides all its            |
|                                | functionality; remove copyrighted ICC   |
|                                | profile                                 |
| hdf5                           | Rebuild against current wheezy gfortran |
| intel-microcode                | Updated microcode; new upstream release |
| ldns                           | Fix default permissions on private      |
|                                | DNSKEYs generated by ldns-keygen        |
|                                | [CVE-2014-3209]                         |
| libdatetime-timezone-perl      | New upstream release                    |
| libdbi-perl                    | Remove dependency on to-be-removed      |
|                                | libplrpc-perl                           |
| libflickr-api-perl             | Update URLs in line with upstream       |
|                                | changes                                 |
| libjpeg6b                      | Fix memory disclosure vulnerabilities   |
|                                | [CVE-2013-6629 CVE-2013-6630]           |
| libjpeg8                       | Fix memory disclosure vulnerabilities   |
|                                | [CVE-2013-6629 CVE-2013-6630]           |
| libopenobex                    | Fix segfault when transferring files    |
| maitreya                       | Replace font to avoid copyright issues  |
| mobile-broadband-provider-info | Update included data                    |
| nostalgy                       | Add support for newer icedove versions  |
| openchange                     | Remove packages which depend on         |
|                                | previously removed samba4 packages      |
| openssh                        | Restore patch to disable OpenSSL        |
|                                | version check                           |
| openssl                        | Don't prefer ECDHE_ECDSA with some      |
|                                | Safari versions; actually restart the   |
|                                | services when restart-without-asking is |
|                                | set                                     |
| policyd-weight                 | Fix infinite loop if resolver only      |
|                                | reachable via IPv6                      |
| proftpd-mod-geoip              | Remove useless and buggy                |
|                                | proftpd-mod-geoip.postrm script         |
| py3dns                         | Fix timeouts associated with only one   |
|                                | of several available nameservers being  |
|                                | unavailable; correctly deal with source |
|                                | port already in use errors              |
| pydap                          | Add "dap" to namespace_packages in      |
|                                | setup.py                                |
| quassel                        | Fix certificate permissions             |
| scheme48                       | Fix insecure use of temporary file      |
|                                | [CVE-2014-4150]                         |
| sieve-extension                | Add support for newer icedove versions  |
| sks                            | Fix cross-site scripting                |
|                                | [CVE-2014-3207]; improve Berkeley DB    |
|                                | upgrade handling                        |
| squid3                         | Fix sporadic assertion failure under    |
|                                | high load                               |
| suds                           | Fix insecure creation of cache paths    |
| tor                            | New upstream release                    |
| tzdata                         | New upstream release                    |
| unbound                        | Fix crash when using DNSSEC and         |
|                                | num-threads > 1                         |
| win32-loader                   | Update embedded dependencies            |
| wireless-regdb                 | Update data                             |
| xmms2                          | Fix build failure related to the        |
|                                | libmodplug upgrade in DSA 2751          |
+--------------------------------+-----------------------------------------+


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+-----------------------------+
| Advisory ID    | Package                     |
+----------------+-----------------------------+
| DSA-2808       | openjpeg                    |
| DSA-2913       | drupal7                     |
| DSA-2915       | dpkg                        |
| DSA-2916       | libmms                      |
| DSA-2917       | super                       |
| DSA-2919       | mysql-5.5                   |
| DSA-2920       | chromium-browser            |
| DSA-2921       | xbuffy                      |
| DSA-2922       | strongswan                  |
| DSA-2925       | rxvt-unicode                |
| DSA-2927       | libxfont                    |
| DSA-2929       | ruby-actionpack-3.2         |
| DSA-2930       | chromium-browser            |
| DSA-2931       | openssl                     |
| DSA-2932       | qemu                        |
| DSA-2933       | qemu-kvm                    |
| DSA-2934       | python-django               |
| DSA-2935       | libgadu                     |
| DSA-2936       | torque                      |
| DSA-2937       | mod-wsgi                    |
| DSA-2939       | chromium-browser            |
| DSA-2941       | lxml                        |
| DSA-2942       | typo3-src                   |
| DSA-2943       | php5                        |
| DSA-2944       | gnutls26                    |
| DSA-2945       | chkrootkit                  |
| DSA-2946       | python-gnupg                |
| DSA-2947       | libav                       |
| DSA-2948       | python-bottle               |
| DSA-2949       | linux                       |
| DSA-2950       | openssl                     |
| DSA-2951       | mupdf                       |
| DSA-2952       | kfreebsd-9                  |
| DSA-2953       | dpkg                        |
| DSA-2954       | dovecot                     |
| DSA-2956       | icinga                      |
| DSA-2957       | mediawiki                   |
| DSA-2958       | apt                         |
| DSA-2959       | chromium-browser            |
| DSA-2961       | php5                        |
| DSA-2962       | nspr                        |
| DSA-2963       | lucene-solr                 |
| DSA-2964       | iodine                      |
| DSA-2965       | tiff                        |
| DSA-2966       | samba                       |
| DSA-2967       | gnupg                       |
| DSA-2968       | gnupg2                      |
| DSA-2969       | libemail-address-perl       |
| DSA-2970       | cacti                       |
| DSA-2971       | dbus                        |
| DSA-2972       | linux                       |
+----------------+-----------------------------+


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-----------------------+----------------------------------------------+
| Package               | Reason                                       |
+-----------------------+----------------------------------------------+
| whatsnewfm            | Obsolete as freecode.com no longer accepting |
|                       | submissions                                  |
| libplrpc-perl         | Security issues                              |
| firecookie            | Obsolete; superseded by firebug              |
| freecode-submit       | Obsolete as freecode.com no longer accepting |
|                       | submissions                                  |
+-----------------------+----------------------------------------------+


URLs
----

The complete lists of packages that have changed with this revision:

  http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current stable distribution:

  http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

  http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

  http://www.debian.org/releases/stable/

Security announcements and information:

  http://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.