------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.1 released press@debian.org
June 6th, 2015 https://www.debian.org/News/2015/20150606
------------------------------------------------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.
Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.
New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+-------------------------------------------+
| Package | Reason |
+--------------------------+-------------------------------------------+
| base-files [1] | Update for the point release |
| | |
| berkeley-abc [2] | Fix big-endian issues, memory alignment |
| | and reproducible build |
| | |
| blackbox [3] | Fix possible loss of focus when clicking |
| | on a window |
| | |
| caja [4] | Postpone automount actions while session |
| | locked by screensaver |
| | |
| clamav [5] | Fix clamav-daemon installability with |
| | custom PidFile; new upstream version |
| | |
| cproto [6] | Make -X command line option work again |
| | |
| cwm [7] | Fix "Lookups for 'exec' and 'wm' fail on |
| | XFS" by adding an extra check using |
| | lstat() if the d_type check fails |
| | |
| dbus [8] | Change the default configuration for the |
| | session bus to only allow EXTERNAL |
| | authentication (secure kernel-mediated |
| | credentials-passing), as was already done |
| | for the system bus |
| | |
| debian-installer [9] | Append DTB for SheevaPlug, SheevaPlug |
| | eSATA and GuruPlug; build against |
| | proposed-updates |
| | |
| debian-installer- | Rebuild for the point release |
| netboot-images [10] | |
| | |
| debian-lan-config [11] | Fix package names on i386; switch back to |
| | nfsv3 to avoid freezes; disable adzapper |
| | and browser-plugin-gnash as they're not |
| | in jessie; add libcgi-fast-perl to make |
| | the zoom in munin work; make installation |
| | of sudo-ldap and exim4-daemon-heavy more |
| | robust |
| | |
| didjvu [12] | Fix insecure tempfile use |
| | |
| ejabberd [13] | Add --enable-transient_supervisors build- |
| | flag; accept trailing newline characters |
| | in Base64 strings; drop debian/ejabberd.8 |
| | as there is no "ejabberd" executable |
| | any more |
| | |
| exactimage [14] | Fix integer overflow in the ljpeg_start |
| | function in dcraw [CVE-2015-3885] |
| | |
| fai [15] | Setup-storage: add support for parted |
| | 2.4; fai: Fix IP address lifetime |
| | |
| feed2imap [16] | Fix filter usage and "include-images" |
| | option |
| | |
| freeorion [17] | Fix build failure |
| | |
| ganeti [18] | New upstream stable release |
| | |
| gdnsd [19] | Fix incorrect error message, per-address |
| | level udp_recv_width option limit, |
| | plugin_extmon bugfix for bad timeout/ |
| | interval behaviour if either is >255s, |
| | fix possible binding to incorrect port on |
| | startup |
| | |
| gnome-shell [20] | Upstream bugfix and translation update; |
| | workaround issue with wallpaper breaking |
| | after resume with NVIDIA drivers |
| | |
| gnutls28 [21] | Fix use-after-free flaw in |
| | gnutls_x509_ext_import_crl_dist_points() |
| | [CVE-2015-3308] |
| | |
| hello [22] | Test upload for jessie-security |
| | |
| ibus-cangjie [23] | Fix duplicate character issue, Python |
| | tracebacks, placement of candidate popup |
| | and Taiwanese translation |
| | |
| installation-guide [24] | Remove mention of kfreebsd as supported |
| | archs for Jessie; revert to documenting |
| | that the text installer is still the |
| | default; fix kernel source compression |
| | extension in kernel-baking.xml; add an |
| | example preseed entry for setting up |
| | multi-arch; fix custom revision in make- |
| | kpkg example |
| | |
| ircd-hybrid [25] | Fix a DoS from localhost clients; |
| | configuration script no longer ignores |
| | the result of upgrade questions; support |
| | chained SSL certificates; don't display |
| | upgrade warnings on new installs |
| | |
| lastpass-cli [26] | Update upstream CA certificate |
| | |
| libav [27] | Fix use of illegal instruction on i586 |
| | |
| libdatetime-timezone- | New upstream release |
| perl [28] | |
| | |
| libdebian-installer [29] | Add device tree variants for supported |
| | armel/kirkwood devices |
| | |
| libi18n-charset- | Remove a stray 'use blib' line |
| perl [30] | |
| | |
| libinfinity [31] | Fix certificates only being checked for |
| | issues if the CA is not trusted; fix a |
| | client-side crash when the server shuts |
| | down; fix some assertion failures and |
| | inconsistencies in InfTextFixlineBuffer |
| | [CVE-2015-3886] |
| | |
| libraw [32] | Fix DoS via crafted image [CVE-2015-3885] |
| | |
| libvncserver [33] | Ensure libgcrypt is initialised before |
| | use; replace non-free SHA1 implementation |
| | |
| linux [34] | Update to upstream 3.16.7-ctk11; ext4: |
| | fix data corruption caused by unwritten |
| | and delayed extents; libata: Update |
| | Crucial/Micron blacklist, blacklist |
| | queued TRIM on Samsung SSD 850 Pro; USB: |
| | Add support for XHCI on APM Mustang |
| | |
| mate-desktop [35] | Add libstartup-notification0-dev and |
| | libdconf-dev to the dependencies of |
| | libmate-desktop-dev |
| | |
| mate-netbook [36] | Ensure Window Picker applet doesn't |
| | override mate-maximus |
| | |
| mate-utils [37] | Show correct error message if loading of |
| | the mate-screenshot UI fails |
| | |
| mew [38] | Tighten e-mail address match to avoid |
| | incorrect key being used for encryption |
| | |
| mew-beta [39] | Tighten e-mail address match to avoid |
| | incorrect key being used for encryption |
| | |
| multipath-tools [40] | Include dm-service-time in the initramfs |
| | as it's now the default, fixing boot from |
| | multipath |
| | |
| mutter [41] | Upstream bugfix and translation update; |
| | workaround issue with wallpaper breaking |
| | after resume with NVIDIA drivers |
| | |
| needrestart [42] | Fix warnings and errors if a process does |
| | not have a valid working directory, |
| | kernel version sorting and Perl warnings |
| | while scanning dangling kernel symlinks |
| | |
| node-groove [43] | Fix CPU usage |
| | |
| open-iscsi [44] | Ensure udebs are populated on all |
| | supported architectures |
| | |
| opencv [45] | Build with -march=i586 instead of - |
| | march=i686 on i386 |
| | |
| openstack-debian- | Disable /etc/modules update for acpiphp |
| images [46] | and pci_hotplug; add security repository |
| | to jessie images; fix ACPI shutdown for |
| | wheezy and jessie; add nano by default |
| | for non-minimal images |
| | |
| osmosis [47] | Fix java.lang.ClassCastException for |
| | java.util.HashMap to |
| | org.openstreetmap.osmosis.hstore.PGHStore |
| | |
| pdf2djvu [48] | Fix insecure tempfile usage |
| | |
| pdns [49] | Security update |
| | |
| pdns-recursor [50] | Security update |
| | |
| perl [51] | Make the Perl debugger work with threaded |
| | programs again |
| | |
| pgbouncer [52] | Fix remote crash - invalid packet order |
| | causes lookup of NULL pointer [CVE-2015- |
| | 4054] |
| | |
| php-horde [53] | Fix XSS in group administration |
| | |
| php-horde-passwd [54] | Fix password change via Kolab driver |
| | |
| phpbb3 [55] | Fix possible redirect vulnerability |
| | [CVE-2015-3880] |
| | |
| postgresql-9.4 [56] | New upstream version: avoid failures |
| | while fsync'ing data directory during |
| | crash restart |
| | |
| python-dbusmock [57] | Prevent code execution through crafted |
| | pyc files [CVE-2015-1326] |
| | |
| qcontrol [58] | Wait for necessary devices to appear |
| | before starting, working around an issue |
| | exposed by systemd LSB compatibility mode |
| | |
| qt4-x11 [59] | Fix crashes in GIF, BMP and ICO decoders |
| | [CVE-2015-1858 CVE-2015-1859 CVE-2015- |
| | 1860] |
| | |
| qtbase-opensource- | Fix crashes in GIF, BMP and ICO decoders |
| src [60] | [CVE-2015-0295 CVE-2015-1858 CVE-2015- |
| | 1859 CVE-2015-1860] |
| | |
| ruby-defaults [61] | Add "Conflicts: ruby-activesupport-2.3" |
| | to help upgrades from Wheezy |
| | |
| semi [62] | Tighten e-mail address match to avoid |
| | incorrect key being used for encryption |
| | |
| smstools [63] | Drop non-policy-compliant "reload" |
| | option from the init script; use "force- |
| | reload" for logrotate |
| | |
| systemd [64] | Revert immediate SIGKILLing of units |
| | during shutdown, leading to cleanup |
| | failures; write_net_rules: escape '{' and |
| | '}', to work with busybox grep; manager: |
| | pass correct errno to strerror() |
| | |
| tasksel [65] | Make task-xfce-desktop recommend evince- |
| | gtk | evince instead of just evince-gtk, |
| | making the GNOME and Xfce desktop tasks |
| | co-installable |
| | |
| tecnoballz [66] | Fix multiple gameplay issues - minimum |
| | distance of bouncers to walls in boss |
| | levels, gigablitz gague not working, |
| | right click could exit game |
| | |
| tlsdate [67] | Switch from www.ptb.de to www.google.com |
| | as the former is now sending randomized |
| | gmt values |
| | |
| torbrowser-launcher [68] | Handle paths which changed in the |
| | torbrowser 4.5 release; remove no longer |
| | working "accept links" folder; stop |
| | acting as default browser |
| | |
| translate-shell [69] | Restore functionality by switching to new |
| | Google Translate API |
| | |
| tzdata [70] | New upstream release |
| | |
| ulogd2 [71] | Correct JSON output of integer types on |
| | big-endian systems |
| | |
| unattended-upgrades [72] | Fix default configuration to match |
| | jessie-security |
| | |
| usemod-wiki [73] | Adjust startform/endform to start_form/ |
| | end_form for compatibility with libcgi- |
| | pm-perl |
| | |
| virtualbox [74] | Fix crash in raw mode; fix kernel paging |
| | issue, enabling operation on Broadwell |
| | CPUs |
| | |
| win32-loader [75] | Replace the Joy screenshot by a recent |
| | Lines screenshot; replace http.debian.net |
| | with httpredir.debian.org |
| | |
+--------------------------+-------------------------------------------+
1: https://packages.debian.org/src:base-files
2: https://packages.debian.org/src:berkeley-abc
3: https://packages.debian.org/src:blackbox
4: https://packages.debian.org/src:caja
5: https://packages.debian.org/src:clamav
6: https://packages.debian.org/src:cproto
7: https://packages.debian.org/src:cwm
8: https://packages.debian.org/src:dbus
9: https://packages.debian.org/src:debian-installer
10: https://packages.debian.org/src:debian-installer-netboot-images
11: https://packages.debian.org/src:debian-lan-config
12: https://packages.debian.org/src:didjvu
13: https://packages.debian.org/src:ejabberd
14: https://packages.debian.org/src:exactimage
15: https://packages.debian.org/src:fai
16: https://packages.debian.org/src:feed2imap
17: https://packages.debian.org/src:freeorion
18: https://packages.debian.org/src:ganeti
19: https://packages.debian.org/src:gdnsd
20: https://packages.debian.org/src:gnome-shell
21: https://packages.debian.org/src:gnutls28
22: https://packages.debian.org/src:hello
23: https://packages.debian.org/src:ibus-cangjie
24: https://packages.debian.org/src:installation-guide
25: https://packages.debian.org/src:ircd-hybrid
26: https://packages.debian.org/src:lastpass-cli
27: https://packages.debian.org/src:libav
28: https://packages.debian.org/src:libdatetime-timezone-perl
29: https://packages.debian.org/src:libdebian-installer
30: https://packages.debian.org/src:libi18n-charset-perl
31: https://packages.debian.org/src:libinfinity
32: https://packages.debian.org/src:libraw
33: https://packages.debian.org/src:libvncserver
34: https://packages.debian.org/src:linux
35: https://packages.debian.org/src:mate-desktop
36: https://packages.debian.org/src:mate-netbook
37: https://packages.debian.org/src:mate-utils
38: https://packages.debian.org/src:mew
39: https://packages.debian.org/src:mew-beta
40: https://packages.debian.org/src:multipath-tools
41: https://packages.debian.org/src:mutter
42: https://packages.debian.org/src:needrestart
43: https://packages.debian.org/src:node-groove
44: https://packages.debian.org/src:open-iscsi
45: https://packages.debian.org/src:opencv
46: https://packages.debian.org/src:openstack-debian-images
47: https://packages.debian.org/src:osmosis
48: https://packages.debian.org/src:pdf2djvu
49: https://packages.debian.org/src:pdns
50: https://packages.debian.org/src:pdns-recursor
51: https://packages.debian.org/src:perl
52: https://packages.debian.org/src:pgbouncer
53: https://packages.debian.org/src:php-horde
54: https://packages.debian.org/src:php-horde-passwd
55: https://packages.debian.org/src:phpbb3
56: https://packages.debian.org/src:postgresql-9.4
57: https://packages.debian.org/src:python-dbusmock
58: https://packages.debian.org/src:qcontrol
59: https://packages.debian.org/src:qt4-x11
60: https://packages.debian.org/src:qtbase-opensource-src
61: https://packages.debian.org/src:ruby-defaults
62: https://packages.debian.org/src:semi
63: https://packages.debian.org/src:smstools
64: https://packages.debian.org/src:systemd
65: https://packages.debian.org/src:tasksel
66: https://packages.debian.org/src:tecnoballz
67: https://packages.debian.org/src:tlsdate
68: https://packages.debian.org/src:torbrowser-launcher
69: https://packages.debian.org/src:translate-shell
70: https://packages.debian.org/src:tzdata
71: https://packages.debian.org/src:ulogd2
72: https://packages.debian.org/src:unattended-upgrades
73: https://packages.debian.org/src:usemod-wiki
74: https://packages.debian.org/src:virtualbox
75: https://packages.debian.org/src:win32-loader
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------------+
| Advisory ID | Package |
+----------------+--------------------------------+
| DSA-3229 [76] | mysql-5.5 [77] |
| DSA-3230 [78] | django-markupfield [79] |
| DSA-3232 [80] | curl [81] |
| DSA-3233 [82] | wpa [83] |
| DSA-3236 [84] | libreoffice [85] |
| DSA-3237 [86] | linux [87] |
| DSA-3238 [88] | chromium-browser [89] |
| DSA-3239 [90] | icecast2 [91] |
| DSA-3240 [92] | curl [93] |
| DSA-3241 [94] | elasticsearch [95] |
| DSA-3242 [96] | chromium-browser [97] |
| DSA-3243 [98] | libxml-libxml-perl [99] |
| DSA-3244 [100] | owncloud [101] |
| DSA-3247 [102] | ruby2.1 [103] |
| DSA-3250 [104] | wordpress [105] |
| DSA-3251 [106] | dnsmasq [107] |
| DSA-3252 [108] | sqlite3 [109] |
| DSA-3253 [110] | pound [111] |
| DSA-3254 [112] | suricata [113] |
| DSA-3255 [114] | zeromq3 [115] |
| DSA-3256 [116] | libtasn1-6 [117] |
| DSA-3257 [118] | mercurial [119] |
| DSA-3258 [120] | quassel [121] |
| DSA-3259 [122] | qemu [123] |
| DSA-3261 [124] | libtest-signature-perl [125] |
| DSA-3261 [126] | libmodule-signature-perl [127] |
| DSA-3263 [128] | proftpd-dfsg [129] |
| DSA-3264 [130] | icedove [131] |
| DSA-3265 [132] | zendframework [133] |
| DSA-3266 [134] | fuse [135] |
| DSA-3267 [136] | chromium-browser [137] |
| DSA-3268 [138] | ntfs-3g [139] |
| DSA-3269 [140] | postgresql-9.1 [141] |
| DSA-3270 [142] | postgresql-9.4 [143] |
| DSA-3271 [144] | nbd [145] |
| DSA-3272 [146] | ipsec-tools [147] |
| DSA-3274 [148] | virtualbox [149] |
| DSA-3275 [150] | fusionforge [151] |
+----------------+--------------------------------+
76: https://www.debian.org/security/2015/dsa-3229
77: https://packages.debian.org/src:mysql-5.5
78: https://www.debian.org/security/2015/dsa-3230
79: https://packages.debian.org/src:django-markupfield
80: https://www.debian.org/security/2015/dsa-3232
81: https://packages.debian.org/src:curl
82: https://www.debian.org/security/2015/dsa-3233
83: https://packages.debian.org/src:wpa
84: https://www.debian.org/security/2015/dsa-3236
85: https://packages.debian.org/src:libreoffice
86: https://www.debian.org/security/2015/dsa-3237
87: https://packages.debian.org/src:linux
88: https://www.debian.org/security/2015/dsa-3238
89: https://packages.debian.org/src:chromium-browser
90: https://www.debian.org/security/2015/dsa-3239
91: https://packages.debian.org/src:icecast2
92: https://www.debian.org/security/2015/dsa-3240
93: https://packages.debian.org/src:curl
94: https://www.debian.org/security/2015/dsa-3241
95: https://packages.debian.org/src:elasticsearch
96: https://www.debian.org/security/2015/dsa-3242
97: https://packages.debian.org/src:chromium-browser
98: https://www.debian.org/security/2015/dsa-3243
99: https://packages.debian.org/src:libxml-libxml-perl
100: https://www.debian.org/security/2015/dsa-3244
101: https://packages.debian.org/src:owncloud
102: https://www.debian.org/security/2015/dsa-3247
103: https://packages.debian.org/src:ruby2.1
104: https://www.debian.org/security/2015/dsa-3250
105: https://packages.debian.org/src:wordpress
106: https://www.debian.org/security/2015/dsa-3251
107: https://packages.debian.org/src:dnsmasq
108: https://www.debian.org/security/2015/dsa-3252
109: https://packages.debian.org/src:sqlite3
110: https://www.debian.org/security/2015/dsa-3253
111: https://packages.debian.org/src:pound
112: https://www.debian.org/security/2015/dsa-3254
113: https://packages.debian.org/src:suricata
114: https://www.debian.org/security/2015/dsa-3255
115: https://packages.debian.org/src:zeromq3
116: https://www.debian.org/security/2015/dsa-3256
117: https://packages.debian.org/src:libtasn1-6
118: https://www.debian.org/security/2015/dsa-3257
119: https://packages.debian.org/src:mercurial
120: https://www.debian.org/security/2015/dsa-3258
121: https://packages.debian.org/src:quassel
122: https://www.debian.org/security/2015/dsa-3259
123: https://packages.debian.org/src:qemu
124: https://www.debian.org/security/2015/dsa-3261
125: https://packages.debian.org/src:libtest-signature-perl
126: https://www.debian.org/security/2015/dsa-3261
127: https://packages.debian.org/src:libmodule-signature-perl
128: https://www.debian.org/security/2015/dsa-3263
129: https://packages.debian.org/src:proftpd-dfsg
130: https://www.debian.org/security/2015/dsa-3264
131: https://packages.debian.org/src:icedove
132: https://www.debian.org/security/2015/dsa-3265
133: https://packages.debian.org/src:zendframework
134: https://www.debian.org/security/2015/dsa-3266
135: https://packages.debian.org/src:fuse
136: https://www.debian.org/security/2015/dsa-3267
137: https://packages.debian.org/src:chromium-browser
138: https://www.debian.org/security/2015/dsa-3268
139: https://packages.debian.org/src:ntfs-3g
140: https://www.debian.org/security/2015/dsa-3269
141: https://packages.debian.org/src:postgresql-9.1
142: https://www.debian.org/security/2015/dsa-3270
143: https://packages.debian.org/src:postgresql-9.4
144: https://www.debian.org/security/2015/dsa-3271
145: https://packages.debian.org/src:nbd
146: https://www.debian.org/security/2015/dsa-3272
147: https://packages.debian.org/src:ipsec-tools
148: https://www.debian.org/security/2015/dsa-3274
149: https://packages.debian.org/src:virtualbox
150: https://www.debian.org/security/2015/dsa-3275
151: https://packages.debian.org/src:fusionforge
URLs
----
The complete lists of packages that have changed with this revision:
http://httpredir.debian.org/debian/dists/jessie/ChangeLog
The current stable distribution:
http://httpredir.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
http://httpredir.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://security.debian.org/ [152]
152: https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part