------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Updated Debian 8: 8.1 released press@debian.org June 6th, 2015 https://www.debian.org/News/2015/20150606 ------------------------------------------------------------------------ The Debian project is pleased to announce the first update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New installation media and CD and DVD images containing updated packages will be available soon at the regular locations. Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: +--------------------------+-------------------------------------------+ | Package | Reason | +--------------------------+-------------------------------------------+ | base-files [1] | Update for the point release | | | | | berkeley-abc [2] | Fix big-endian issues, memory alignment | | | and reproducible build | | | | | blackbox [3] | Fix possible loss of focus when clicking | | | on a window | | | | | caja [4] | Postpone automount actions while session | | | locked by screensaver | | | | | clamav [5] | Fix clamav-daemon installability with | | | custom PidFile; new upstream version | | | | | cproto [6] | Make -X command line option work again | | | | | cwm [7] | Fix "Lookups for 'exec' and 'wm' fail on | | | XFS" by adding an extra check using | | | lstat() if the d_type check fails | | | | | dbus [8] | Change the default configuration for the | | | session bus to only allow EXTERNAL | | | authentication (secure kernel-mediated | | | credentials-passing), as was already done | | | for the system bus | | | | | debian-installer [9] | Append DTB for SheevaPlug, SheevaPlug | | | eSATA and GuruPlug; build against | | | proposed-updates | | | | | debian-installer- | Rebuild for the point release | | netboot-images [10] | | | | | | debian-lan-config [11] | Fix package names on i386; switch back to | | | nfsv3 to avoid freezes; disable adzapper | | | and browser-plugin-gnash as they're not | | | in jessie; add libcgi-fast-perl to make | | | the zoom in munin work; make installation | | | of sudo-ldap and exim4-daemon-heavy more | | | robust | | | | | didjvu [12] | Fix insecure tempfile use | | | | | ejabberd [13] | Add --enable-transient_supervisors build- | | | flag; accept trailing newline characters | | | in Base64 strings; drop debian/ejabberd.8 | | | as there is no "ejabberd" executable | | | any more | | | | | exactimage [14] | Fix integer overflow in the ljpeg_start | | | function in dcraw [CVE-2015-3885] | | | | | fai [15] | Setup-storage: add support for parted | | | 2.4; fai: Fix IP address lifetime | | | | | feed2imap [16] | Fix filter usage and "include-images" | | | option | | | | | freeorion [17] | Fix build failure | | | | | ganeti [18] | New upstream stable release | | | | | gdnsd [19] | Fix incorrect error message, per-address | | | level udp_recv_width option limit, | | | plugin_extmon bugfix for bad timeout/ | | | interval behaviour if either is >255s, | | | fix possible binding to incorrect port on | | | startup | | | | | gnome-shell [20] | Upstream bugfix and translation update; | | | workaround issue with wallpaper breaking | | | after resume with NVIDIA drivers | | | | | gnutls28 [21] | Fix use-after-free flaw in | | | gnutls_x509_ext_import_crl_dist_points() | | | [CVE-2015-3308] | | | | | hello [22] | Test upload for jessie-security | | | | | ibus-cangjie [23] | Fix duplicate character issue, Python | | | tracebacks, placement of candidate popup | | | and Taiwanese translation | | | | | installation-guide [24] | Remove mention of kfreebsd as supported | | | archs for Jessie; revert to documenting | | | that the text installer is still the | | | default; fix kernel source compression | | | extension in kernel-baking.xml; add an | | | example preseed entry for setting up | | | multi-arch; fix custom revision in make- | | | kpkg example | | | | | ircd-hybrid [25] | Fix a DoS from localhost clients; | | | configuration script no longer ignores | | | the result of upgrade questions; support | | | chained SSL certificates; don't display | | | upgrade warnings on new installs | | | | | lastpass-cli [26] | Update upstream CA certificate | | | | | libav [27] | Fix use of illegal instruction on i586 | | | | | libdatetime-timezone- | New upstream release | | perl [28] | | | | | | libdebian-installer [29] | Add device tree variants for supported | | | armel/kirkwood devices | | | | | libi18n-charset- | Remove a stray 'use blib' line | | perl [30] | | | | | | libinfinity [31] | Fix certificates only being checked for | | | issues if the CA is not trusted; fix a | | | client-side crash when the server shuts | | | down; fix some assertion failures and | | | inconsistencies in InfTextFixlineBuffer | | | [CVE-2015-3886] | | | | | libraw [32] | Fix DoS via crafted image [CVE-2015-3885] | | | | | libvncserver [33] | Ensure libgcrypt is initialised before | | | use; replace non-free SHA1 implementation | | | | | linux [34] | Update to upstream 3.16.7-ctk11; ext4: | | | fix data corruption caused by unwritten | | | and delayed extents; libata: Update | | | Crucial/Micron blacklist, blacklist | | | queued TRIM on Samsung SSD 850 Pro; USB: | | | Add support for XHCI on APM Mustang | | | | | mate-desktop [35] | Add libstartup-notification0-dev and | | | libdconf-dev to the dependencies of | | | libmate-desktop-dev | | | | | mate-netbook [36] | Ensure Window Picker applet doesn't | | | override mate-maximus | | | | | mate-utils [37] | Show correct error message if loading of | | | the mate-screenshot UI fails | | | | | mew [38] | Tighten e-mail address match to avoid | | | incorrect key being used for encryption | | | | | mew-beta [39] | Tighten e-mail address match to avoid | | | incorrect key being used for encryption | | | | | multipath-tools [40] | Include dm-service-time in the initramfs | | | as it's now the default, fixing boot from | | | multipath | | | | | mutter [41] | Upstream bugfix and translation update; | | | workaround issue with wallpaper breaking | | | after resume with NVIDIA drivers | | | | | needrestart [42] | Fix warnings and errors if a process does | | | not have a valid working directory, | | | kernel version sorting and Perl warnings | | | while scanning dangling kernel symlinks | | | | | node-groove [43] | Fix CPU usage | | | | | open-iscsi [44] | Ensure udebs are populated on all | | | supported architectures | | | | | opencv [45] | Build with -march=i586 instead of - | | | march=i686 on i386 | | | | | openstack-debian- | Disable /etc/modules update for acpiphp | | images [46] | and pci_hotplug; add security repository | | | to jessie images; fix ACPI shutdown for | | | wheezy and jessie; add nano by default | | | for non-minimal images | | | | | osmosis [47] | Fix java.lang.ClassCastException for | | | java.util.HashMap to | | | org.openstreetmap.osmosis.hstore.PGHStore | | | | | pdf2djvu [48] | Fix insecure tempfile usage | | | | | pdns [49] | Security update | | | | | pdns-recursor [50] | Security update | | | | | perl [51] | Make the Perl debugger work with threaded | | | programs again | | | | | pgbouncer [52] | Fix remote crash - invalid packet order | | | causes lookup of NULL pointer [CVE-2015- | | | 4054] | | | | | php-horde [53] | Fix XSS in group administration | | | | | php-horde-passwd [54] | Fix password change via Kolab driver | | | | | phpbb3 [55] | Fix possible redirect vulnerability | | | [CVE-2015-3880] | | | | | postgresql-9.4 [56] | New upstream version: avoid failures | | | while fsync'ing data directory during | | | crash restart | | | | | python-dbusmock [57] | Prevent code execution through crafted | | | pyc files [CVE-2015-1326] | | | | | qcontrol [58] | Wait for necessary devices to appear | | | before starting, working around an issue | | | exposed by systemd LSB compatibility mode | | | | | qt4-x11 [59] | Fix crashes in GIF, BMP and ICO decoders | | | [CVE-2015-1858 CVE-2015-1859 CVE-2015- | | | 1860] | | | | | qtbase-opensource- | Fix crashes in GIF, BMP and ICO decoders | | src [60] | [CVE-2015-0295 CVE-2015-1858 CVE-2015- | | | 1859 CVE-2015-1860] | | | | | ruby-defaults [61] | Add "Conflicts: ruby-activesupport-2.3" | | | to help upgrades from Wheezy | | | | | semi [62] | Tighten e-mail address match to avoid | | | incorrect key being used for encryption | | | | | smstools [63] | Drop non-policy-compliant "reload" | | | option from the init script; use "force- | | | reload" for logrotate | | | | | systemd [64] | Revert immediate SIGKILLing of units | | | during shutdown, leading to cleanup | | | failures; write_net_rules: escape '{' and | | | '}', to work with busybox grep; manager: | | | pass correct errno to strerror() | | | | | tasksel [65] | Make task-xfce-desktop recommend evince- | | | gtk | evince instead of just evince-gtk, | | | making the GNOME and Xfce desktop tasks | | | co-installable | | | | | tecnoballz [66] | Fix multiple gameplay issues - minimum | | | distance of bouncers to walls in boss | | | levels, gigablitz gague not working, | | | right click could exit game | | | | | tlsdate [67] | Switch from www.ptb.de to www.google.com | | | as the former is now sending randomized | | | gmt values | | | | | torbrowser-launcher [68] | Handle paths which changed in the | | | torbrowser 4.5 release; remove no longer | | | working "accept links" folder; stop | | | acting as default browser | | | | | translate-shell [69] | Restore functionality by switching to new | | | Google Translate API | | | | | tzdata [70] | New upstream release | | | | | ulogd2 [71] | Correct JSON output of integer types on | | | big-endian systems | | | | | unattended-upgrades [72] | Fix default configuration to match | | | jessie-security | | | | | usemod-wiki [73] | Adjust startform/endform to start_form/ | | | end_form for compatibility with libcgi- | | | pm-perl | | | | | virtualbox [74] | Fix crash in raw mode; fix kernel paging | | | issue, enabling operation on Broadwell | | | CPUs | | | | | win32-loader [75] | Replace the Joy screenshot by a recent | | | Lines screenshot; replace http.debian.net | | | with httpredir.debian.org | | | | +--------------------------+-------------------------------------------+ 1: https://packages.debian.org/src:base-files 2: https://packages.debian.org/src:berkeley-abc 3: https://packages.debian.org/src:blackbox 4: https://packages.debian.org/src:caja 5: https://packages.debian.org/src:clamav 6: https://packages.debian.org/src:cproto 7: https://packages.debian.org/src:cwm 8: https://packages.debian.org/src:dbus 9: https://packages.debian.org/src:debian-installer 10: https://packages.debian.org/src:debian-installer-netboot-images 11: https://packages.debian.org/src:debian-lan-config 12: https://packages.debian.org/src:didjvu 13: https://packages.debian.org/src:ejabberd 14: https://packages.debian.org/src:exactimage 15: https://packages.debian.org/src:fai 16: https://packages.debian.org/src:feed2imap 17: https://packages.debian.org/src:freeorion 18: https://packages.debian.org/src:ganeti 19: https://packages.debian.org/src:gdnsd 20: https://packages.debian.org/src:gnome-shell 21: https://packages.debian.org/src:gnutls28 22: https://packages.debian.org/src:hello 23: https://packages.debian.org/src:ibus-cangjie 24: https://packages.debian.org/src:installation-guide 25: https://packages.debian.org/src:ircd-hybrid 26: https://packages.debian.org/src:lastpass-cli 27: https://packages.debian.org/src:libav 28: https://packages.debian.org/src:libdatetime-timezone-perl 29: https://packages.debian.org/src:libdebian-installer 30: https://packages.debian.org/src:libi18n-charset-perl 31: https://packages.debian.org/src:libinfinity 32: https://packages.debian.org/src:libraw 33: https://packages.debian.org/src:libvncserver 34: https://packages.debian.org/src:linux 35: https://packages.debian.org/src:mate-desktop 36: https://packages.debian.org/src:mate-netbook 37: https://packages.debian.org/src:mate-utils 38: https://packages.debian.org/src:mew 39: https://packages.debian.org/src:mew-beta 40: https://packages.debian.org/src:multipath-tools 41: https://packages.debian.org/src:mutter 42: https://packages.debian.org/src:needrestart 43: https://packages.debian.org/src:node-groove 44: https://packages.debian.org/src:open-iscsi 45: https://packages.debian.org/src:opencv 46: https://packages.debian.org/src:openstack-debian-images 47: https://packages.debian.org/src:osmosis 48: https://packages.debian.org/src:pdf2djvu 49: https://packages.debian.org/src:pdns 50: https://packages.debian.org/src:pdns-recursor 51: https://packages.debian.org/src:perl 52: https://packages.debian.org/src:pgbouncer 53: https://packages.debian.org/src:php-horde 54: https://packages.debian.org/src:php-horde-passwd 55: https://packages.debian.org/src:phpbb3 56: https://packages.debian.org/src:postgresql-9.4 57: https://packages.debian.org/src:python-dbusmock 58: https://packages.debian.org/src:qcontrol 59: https://packages.debian.org/src:qt4-x11 60: https://packages.debian.org/src:qtbase-opensource-src 61: https://packages.debian.org/src:ruby-defaults 62: https://packages.debian.org/src:semi 63: https://packages.debian.org/src:smstools 64: https://packages.debian.org/src:systemd 65: https://packages.debian.org/src:tasksel 66: https://packages.debian.org/src:tecnoballz 67: https://packages.debian.org/src:tlsdate 68: https://packages.debian.org/src:torbrowser-launcher 69: https://packages.debian.org/src:translate-shell 70: https://packages.debian.org/src:tzdata 71: https://packages.debian.org/src:ulogd2 72: https://packages.debian.org/src:unattended-upgrades 73: https://packages.debian.org/src:usemod-wiki 74: https://packages.debian.org/src:virtualbox 75: https://packages.debian.org/src:win32-loader Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: +----------------+--------------------------------+ | Advisory ID | Package | +----------------+--------------------------------+ | DSA-3229 [76] | mysql-5.5 [77] | | DSA-3230 [78] | django-markupfield [79] | | DSA-3232 [80] | curl [81] | | DSA-3233 [82] | wpa [83] | | DSA-3236 [84] | libreoffice [85] | | DSA-3237 [86] | linux [87] | | DSA-3238 [88] | chromium-browser [89] | | DSA-3239 [90] | icecast2 [91] | | DSA-3240 [92] | curl [93] | | DSA-3241 [94] | elasticsearch [95] | | DSA-3242 [96] | chromium-browser [97] | | DSA-3243 [98] | libxml-libxml-perl [99] | | DSA-3244 [100] | owncloud [101] | | DSA-3247 [102] | ruby2.1 [103] | | DSA-3250 [104] | wordpress [105] | | DSA-3251 [106] | dnsmasq [107] | | DSA-3252 [108] | sqlite3 [109] | | DSA-3253 [110] | pound [111] | | DSA-3254 [112] | suricata [113] | | DSA-3255 [114] | zeromq3 [115] | | DSA-3256 [116] | libtasn1-6 [117] | | DSA-3257 [118] | mercurial [119] | | DSA-3258 [120] | quassel [121] | | DSA-3259 [122] | qemu [123] | | DSA-3261 [124] | libtest-signature-perl [125] | | DSA-3261 [126] | libmodule-signature-perl [127] | | DSA-3263 [128] | proftpd-dfsg [129] | | DSA-3264 [130] | icedove [131] | | DSA-3265 [132] | zendframework [133] | | DSA-3266 [134] | fuse [135] | | DSA-3267 [136] | chromium-browser [137] | | DSA-3268 [138] | ntfs-3g [139] | | DSA-3269 [140] | postgresql-9.1 [141] | | DSA-3270 [142] | postgresql-9.4 [143] | | DSA-3271 [144] | nbd [145] | | DSA-3272 [146] | ipsec-tools [147] | | DSA-3274 [148] | virtualbox [149] | | DSA-3275 [150] | fusionforge [151] | +----------------+--------------------------------+ 76: https://www.debian.org/security/2015/dsa-3229 77: https://packages.debian.org/src:mysql-5.5 78: https://www.debian.org/security/2015/dsa-3230 79: https://packages.debian.org/src:django-markupfield 80: https://www.debian.org/security/2015/dsa-3232 81: https://packages.debian.org/src:curl 82: https://www.debian.org/security/2015/dsa-3233 83: https://packages.debian.org/src:wpa 84: https://www.debian.org/security/2015/dsa-3236 85: https://packages.debian.org/src:libreoffice 86: https://www.debian.org/security/2015/dsa-3237 87: https://packages.debian.org/src:linux 88: https://www.debian.org/security/2015/dsa-3238 89: https://packages.debian.org/src:chromium-browser 90: https://www.debian.org/security/2015/dsa-3239 91: https://packages.debian.org/src:icecast2 92: https://www.debian.org/security/2015/dsa-3240 93: https://packages.debian.org/src:curl 94: https://www.debian.org/security/2015/dsa-3241 95: https://packages.debian.org/src:elasticsearch 96: https://www.debian.org/security/2015/dsa-3242 97: https://packages.debian.org/src:chromium-browser 98: https://www.debian.org/security/2015/dsa-3243 99: https://packages.debian.org/src:libxml-libxml-perl 100: https://www.debian.org/security/2015/dsa-3244 101: https://packages.debian.org/src:owncloud 102: https://www.debian.org/security/2015/dsa-3247 103: https://packages.debian.org/src:ruby2.1 104: https://www.debian.org/security/2015/dsa-3250 105: https://packages.debian.org/src:wordpress 106: https://www.debian.org/security/2015/dsa-3251 107: https://packages.debian.org/src:dnsmasq 108: https://www.debian.org/security/2015/dsa-3252 109: https://packages.debian.org/src:sqlite3 110: https://www.debian.org/security/2015/dsa-3253 111: https://packages.debian.org/src:pound 112: https://www.debian.org/security/2015/dsa-3254 113: https://packages.debian.org/src:suricata 114: https://www.debian.org/security/2015/dsa-3255 115: https://packages.debian.org/src:zeromq3 116: https://www.debian.org/security/2015/dsa-3256 117: https://packages.debian.org/src:libtasn1-6 118: https://www.debian.org/security/2015/dsa-3257 119: https://packages.debian.org/src:mercurial 120: https://www.debian.org/security/2015/dsa-3258 121: https://packages.debian.org/src:quassel 122: https://www.debian.org/security/2015/dsa-3259 123: https://packages.debian.org/src:qemu 124: https://www.debian.org/security/2015/dsa-3261 125: https://packages.debian.org/src:libtest-signature-perl 126: https://www.debian.org/security/2015/dsa-3261 127: https://packages.debian.org/src:libmodule-signature-perl 128: https://www.debian.org/security/2015/dsa-3263 129: https://packages.debian.org/src:proftpd-dfsg 130: https://www.debian.org/security/2015/dsa-3264 131: https://packages.debian.org/src:icedove 132: https://www.debian.org/security/2015/dsa-3265 133: https://packages.debian.org/src:zendframework 134: https://www.debian.org/security/2015/dsa-3266 135: https://packages.debian.org/src:fuse 136: https://www.debian.org/security/2015/dsa-3267 137: https://packages.debian.org/src:chromium-browser 138: https://www.debian.org/security/2015/dsa-3268 139: https://packages.debian.org/src:ntfs-3g 140: https://www.debian.org/security/2015/dsa-3269 141: https://packages.debian.org/src:postgresql-9.1 142: https://www.debian.org/security/2015/dsa-3270 143: https://packages.debian.org/src:postgresql-9.4 144: https://www.debian.org/security/2015/dsa-3271 145: https://packages.debian.org/src:nbd 146: https://www.debian.org/security/2015/dsa-3272 147: https://packages.debian.org/src:ipsec-tools 148: https://www.debian.org/security/2015/dsa-3274 149: https://packages.debian.org/src:virtualbox 150: https://www.debian.org/security/2015/dsa-3275 151: https://packages.debian.org/src:fusionforge URLs ---- The complete lists of packages that have changed with this revision: http://httpredir.debian.org/debian/dists/jessie/ChangeLog The current stable distribution: http://httpredir.debian.org/debian/dists/stable/ Proposed updates to the stable distribution: http://httpredir.debian.org/debian/dists/proposed-updates stable distribution information (release notes, errata etc.): https://www.debian.org/releases/stable/ Security announcements and information: https://security.debian.org/ [152] 152: https://www.debian.org/security/ About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian. Contact Information ------------------- For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part