------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.5 released press@debian.org
June 4th, 2016 https://www.debian.org/News/2016/20160604
------------------------------------------------------------------------
The Debian project is pleased to announce the fifth update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.
Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.
New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| autofs [1] | Remove stray debugging output in log |
| | files |
| | |
| bareos [2] | Fix GnuTLS backend initialization, TLS |
| | negotiation for passive filedaemons |
| | |
| base-files [3] | Update for the point release |
| | |
| chrony [4] | Fix CVE-2016-1567: Restrict |
| | authentication of server/peer to |
| | specified key; remove /var/lib/chrony on |
| | purge only; rework postrotate log |
| | rotation script |
| | |
| clamav [5] | New upstream release |
| | |
| cyrus-imapd-2.4 [6] | Drop broken caldav support |
| | |
| debian-edu [7] | Add libdns-mdns to tasks/desktop-other |
| | and tasks/main-server to make CUPS |
| | browsing really functional; add avahi- |
| | discover, mdns-scan, avahi-autoipd and |
| | kdnssd to tasks/main-server as suggested |
| | packages |
| | |
| debian-edu-config [8] | Backport various bug fixes |
| | |
| debian-edu-doc [9] | Update wheezy and jessie documentation |
| | |
| debian-edu-install [10] | Update version number to 8+edu0 |
| | |
| debian-installer [11] | Rebuild against proposed-updates; add |
| | sata-modules for arm64 - some machines do |
| | have SATA CD |
| | |
| debian-installer- | Rebuild against new debian-installer; |
| netboot-images [12] | swap the d-i Built-Using with the |
| | installer fetching, to fail on version |
| | mismatches earlier |
| | |
| dpkg [13] | Add more Conflicts for removed packages |
| | expecting dpkg to ship install-info; |
| | remove trailing space before handling |
| | blank line dot-separator in |
| | Dpkg::Control::HashCore. Regression |
| | introduced in dpkg 1.17.25; only use the |
| | SHELL environment variable for |
| | interactive shells; move tar option --no- |
| | recursion before -T in dpkg-deb; |
| | initialize Config-Version also for |
| | packages previously in triggers-pending |
| | state; fix memory leak in dpkg infodb |
| | format upgrade logic; fix physical file |
| | offset comparison in dpkg; add kfreebsd- |
| | armhf support to ostable and |
| | triplettable; add NIOS2 support to |
| | cputable |
| | |
| evince [14] | Fix crashes when document has pages |
| | removed and is reloaded, and when a |
| | recent document fails to load |
| | |
| ext4magic [15] | Fix an issue which makes impossible to |
| | recover or examine Ext4 filesystems |
| | |
| fusionforge [16] | Disable mediawiki plugin, as mediawiki is |
| | being removed |
| | |
| gitolite3 [17] | Enable repository paths without '~/' in |
| | git-annex-shell |
| | |
| glusterfs [18] | Add missing glusterd hook script to |
| | glusterfs-server package |
| | |
| gosa [19] | Several bugfixes |
| | |
| gpa [20] | Fix check of dialog return values |
| | |
| groovy [21] | Fix remote execution of untrusted code |
| | and possible DoS vulnerability [CVE-2015- |
| | 3253] |
| | |
| hexchat [22] | Verify hostnames when ssl is in use |
| | |
| hivex [23] | Fix ruby-hivex installation |
| | |
| icedove [24] | Fix build failure on mips; fix build on |
| | arm{el,hf} |
| | |
| icedtea-web [25] | New upstream release, fixes CVE-2015-5235 |
| | and CVE-2015-5234 |
| | |
| initramfs-tools [26] | Include drivers/nvme in block driver |
| | modules; create ORDER files even if there |
| | are no valid scripts |
| | |
| libcrypto++ [27] | Fix Rijndael timing attack counter |
| | measure [CVE-2016-3995] |
| | |
| libdatetime-timezone- | Update to tzdata 2016d |
| perl [28] | |
| | |
| libksba [29] | Do not abort on decoder stack overflow |
| | [CVE-2016-4353]; fix integer overflow in |
| | the BER decoder (CVE-2016-4354 CVE-2016- |
| | 4355), encoding of invalid utf-8 strings |
| | in dn.c [CVE-2016-4356], OOB read access |
| | in _ksba_dn_to_str, possible read access |
| | beyond the buffer [CVE-2016-4579] |
| | |
| libreoffice [30] | Fix build failure on ppc64el due to |
| | changes in OpenJDK; fix logic to not |
| | install sound files |
| | |
| linux [31] | Revert some changes in 3.16.7-ckt25-1 |
| | which caused issues on some systems with |
| | Radeon graphics cards and when inserting |
| | a USB device |
| | |
| lvm2 [32] | Set default pid directory to /run |
| | |
| mathematica-fonts [33] | Update for new upstream file version |
| | (10); only TrueType fonts are now |
| | available; add missing dependency on wget |
| | |
| nam [34] | Build-Depend on tcl / tk >= 8.6 |
| | |
| ngspice [35] | Run lyx with a temporary -userdir to not |
| | rely on $HOME |
| | |
| nlpsolver [36] | Add missing Depends: on libreoffice-java- |
| | common |
| | |
| nmap [37] | Fix versioned breaks/replaces; deal with |
| | unuseable socks proxy; ignore |
| | unenumerable interfaces; move ndiff.py |
| | from zenmap to ndiff |
| | |
| opam [38] | Fix insecure certificate handling |
| | |
| openjdk-7 [39] | Fix build failure on arm{el,hf} |
| | |
| openssl [40] | Update expired certificates used by test |
| | suite; update to 1.0.1t stable release; |
| | use alternate trust chains; use correct |
| | digest when exporting keying material; |
| | security fixes [CVE-2015-3197 CVE-2015- |
| | 1793] |
| | |
| pepperflashplugin- | Update Google public key; remove 32 bit |
| nonfree [41] | support |
| | |
| perl [42] | Apply selected bug-fix patches taken from |
| | 5.20.3; fix debugperl crashes with XS |
| | modules; CVE-2015-8853 fix regexp engine |
| | hang on illegal UTF8 input; fix UTF8- |
| | related regexp engine crash |
| | |
| postgresql-9.1 [43] | New upstream release |
| | |
| postgresql-9.4 [44] | New upstream release |
| | |
| quota [45] | Change invocation of quota services, so |
| | systemd takes over most of the work |
| | |
| redmine [46] | Load all database drivers for all Redmine |
| | instances |
| | |
| tklib [47] | Fixed typo in Plotchart version which |
| | prevented its loading |
| | |
| tzdata [48] | New upstream release |
| | |
| wmforecast [49] | Update for new Yahoo! weather API |
| | |
| xapian-core [50] | Fix possible database corruption, |
| | especially with recoll |
| | |
| xarchiver [51] | Fix crash when attempting to cancel |
| | "extract here" in Thunar plugin |
| | |
| xscreensaver [52] | Remove warning about "outdated" version |
| | |
| zendframework [53] | Fix regression from ZF2015-08: binary |
| | data corruption; fix ZF2016-01: Potential |
| | Insufficient Entropy Vulnerability in ZF1 |
| | |
+-------------------------+-------------------------------------------+
1: https://packages.debian.org/src:autofs
2: https://packages.debian.org/src:bareos
3: https://packages.debian.org/src:base-files
4: https://packages.debian.org/src:chrony
5: https://packages.debian.org/src:clamav
6: https://packages.debian.org/src:cyrus-imapd-2.4
7: https://packages.debian.org/src:debian-edu
8: https://packages.debian.org/src:debian-edu-config
9: https://packages.debian.org/src:debian-edu-doc
10: https://packages.debian.org/src:debian-edu-install
11: https://packages.debian.org/src:debian-installer
12: https://packages.debian.org/src:debian-installer-netboot-images
13: https://packages.debian.org/src:dpkg
14: https://packages.debian.org/src:evince
15: https://packages.debian.org/src:ext4magic
16: https://packages.debian.org/src:fusionforge
17: https://packages.debian.org/src:gitolite3
18: https://packages.debian.org/src:glusterfs
19: https://packages.debian.org/src:gosa
20: https://packages.debian.org/src:gpa
21: https://packages.debian.org/src:groovy
22: https://packages.debian.org/src:hexchat
23: https://packages.debian.org/src:hivex
24: https://packages.debian.org/src:icedove
25: https://packages.debian.org/src:icedtea-web
26: https://packages.debian.org/src:initramfs-tools
27: https://packages.debian.org/src:libcrypto++
28: https://packages.debian.org/src:libdatetime-timezone-perl
29: https://packages.debian.org/src:libksba
30: https://packages.debian.org/src:libreoffice
31: https://packages.debian.org/src:linux
32: https://packages.debian.org/src:lvm2
33: https://packages.debian.org/src:mathematica-fonts
34: https://packages.debian.org/src:nam
35: https://packages.debian.org/src:ngspice
36: https://packages.debian.org/src:nlpsolver
37: https://packages.debian.org/src:nmap
38: https://packages.debian.org/src:opam
39: https://packages.debian.org/src:openjdk-7
40: https://packages.debian.org/src:openssl
41: https://packages.debian.org/src:pepperflashplugin-nonfree
42: https://packages.debian.org/src:perl
43: https://packages.debian.org/src:postgresql-9.1
44: https://packages.debian.org/src:postgresql-9.4
45: https://packages.debian.org/src:quota
46: https://packages.debian.org/src:redmine
47: https://packages.debian.org/src:tklib
48: https://packages.debian.org/src:tzdata
49: https://packages.debian.org/src:wmforecast
50: https://packages.debian.org/src:xapian-core
51: https://packages.debian.org/src:xarchiver
52: https://packages.debian.org/src:xscreensaver
53: https://packages.debian.org/src:zendframework
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+------------------------+
| Advisory ID | Package |
+----------------+------------------------+
| DSA-3410 [54] | icedove-l10n [55] |
| | |
| DSA-3410 [56] | iceowl-l10n [57] |
| | |
| DSA-3410 [58] | enigmail [59] |
| | |
| DSA-3410 [60] | icedove [61] |
| | |
| DSA-3432 [62] | icedove [63] |
| | |
| DSA-3473 [64] | nginx [65] |
| | |
| DSA-3476 [66] | postgresql-9.4 [67] |
| | |
| DSA-3482 [68] | libreoffice [69] |
| | |
| DSA-3485 [70] | didiwiki [71] |
| | |
| DSA-3491 [72] | icedove [73] |
| | |
| DSA-3495 [74] | xymon [75] |
| | |
| DSA-3520 [76] | icedove [77] |
| | |
| DSA-3530 [78] | tomcat6 [79] |
| | |
| DSA-3533 [80] | openvswitch [81] |
| | |
| DSA-3535 [82] | kamailio [83] |
| | |
| DSA-3537 [84] | imlib2 [85] |
| | |
| DSA-3538 [86] | libebml [87] |
| | |
| DSA-3539 [88] | srtp [89] |
| | |
| DSA-3540 [90] | lhasa [91] |
| | |
| DSA-3542 [92] | mercurial [93] |
| | |
| DSA-3543 [94] | oar [95] |
| | |
| DSA-3544 [96] | python-django [97] |
| | |
| DSA-3545 [98] | cgit [99] |
| | |
| DSA-3546 [100] | optipng [101] |
| | |
| DSA-3549 [102] | chromium-browser [103] |
| | |
| DSA-3550 [104] | openssh [105] |
| | |
| DSA-3552 [106] | tomcat7 [107] |
| | |
| DSA-3554 [108] | xen [109] |
| | |
| DSA-3555 [110] | imlib2 [111] |
| | |
| DSA-3556 [112] | libgd2 [113] |
| | |
| DSA-3557 [114] | mysql-5.5 [115] |
| | |
| DSA-3558 [116] | openjdk-7 [117] |
| | |
| DSA-3559 [118] | iceweasel [119] |
| | |
| DSA-3560 [120] | php5 [121] |
| | |
| DSA-3561 [122] | subversion [123] |
| | |
| DSA-3562 [124] | tardiff [125] |
| | |
| DSA-3563 [126] | poppler [127] |
| | |
| DSA-3564 [128] | chromium-browser [129] |
| | |
| DSA-3565 [130] | pdns [131] |
| | |
| DSA-3565 [132] | ovito [133] |
| | |
| DSA-3565 [134] | botan1.10 [135] |
| | |
| DSA-3565 [136] | softhsm [137] |
| | |
| DSA-3565 [138] | qtcreator [139] |
| | |
| DSA-3566 [140] | openssl [141] |
| | |
| DSA-3567 [142] | libpam-sshauth [143] |
| | |
| DSA-3568 [144] | libtasn1-6 [145] |
| | |
| DSA-3569 [146] | openafs [147] |
| | |
| DSA-3570 [148] | mercurial [149] |
| | |
| DSA-3571 [150] | ikiwiki [151] |
| | |
| DSA-3572 [152] | websvn [153] |
| | |
| DSA-3573 [154] | qemu [155] |
| | |
| DSA-3574 [156] | libarchive [157] |
| | |
| DSA-3575 [158] | libxstream-java [159] |
| | |
| DSA-3576 [160] | icedove [161] |
| | |
| DSA-3577 [162] | jansson [163] |
| | |
| DSA-3578 [164] | libidn [165] |
| | |
| DSA-3579 [166] | xerces-c [167] |
| | |
| DSA-3580 [168] | imagemagick [169] |
| | |
| DSA-3581 [170] | libndp [171] |
| | |
| DSA-3582 [172] | expat [173] |
| | |
| DSA-3583 [174] | swift-plugin-s3 [175] |
| | |
| DSA-3584 [176] | librsvg [177] |
| | |
| DSA-3585 [178] | wireshark [179] |
| | |
| DSA-3586 [180] | atheme-services [181] |
| | |
| DSA-3587 [182] | libgd2 [183] |
| | |
+----------------+------------------------+
54: https://www.debian.org/security/2015/dsa-3410
55: https://packages.debian.org/src:icedove-l10n
56: https://www.debian.org/security/2015/dsa-3410
57: https://packages.debian.org/src:iceowl-l10n
58: https://www.debian.org/security/2015/dsa-3410
59: https://packages.debian.org/src:enigmail
60: https://www.debian.org/security/2015/dsa-3410
61: https://packages.debian.org/src:icedove
62: https://www.debian.org/security/2016/dsa-3432
63: https://packages.debian.org/src:icedove
64: https://www.debian.org/security/2016/dsa-3473
65: https://packages.debian.org/src:nginx
66: https://www.debian.org/security/2016/dsa-3476
67: https://packages.debian.org/src:postgresql-9.4
68: https://www.debian.org/security/2016/dsa-3482
69: https://packages.debian.org/src:libreoffice
70: https://www.debian.org/security/2016/dsa-3485
71: https://packages.debian.org/src:didiwiki
72: https://www.debian.org/security/2016/dsa-3491
73: https://packages.debian.org/src:icedove
74: https://www.debian.org/security/2016/dsa-3495
75: https://packages.debian.org/src:xymon
76: https://www.debian.org/security/2016/dsa-3520
77: https://packages.debian.org/src:icedove
78: https://www.debian.org/security/2016/dsa-3530
79: https://packages.debian.org/src:tomcat6
80: https://www.debian.org/security/2016/dsa-3533
81: https://packages.debian.org/src:openvswitch
82: https://www.debian.org/security/2016/dsa-3535
83: https://packages.debian.org/src:kamailio
84: https://www.debian.org/security/2016/dsa-3537
85: https://packages.debian.org/src:imlib2
86: https://www.debian.org/security/2016/dsa-3538
87: https://packages.debian.org/src:libebml
88: https://www.debian.org/security/2016/dsa-3539
89: https://packages.debian.org/src:srtp
90: https://www.debian.org/security/2016/dsa-3540
91: https://packages.debian.org/src:lhasa
92: https://www.debian.org/security/2016/dsa-3542
93: https://packages.debian.org/src:mercurial
94: https://www.debian.org/security/2016/dsa-3543
95: https://packages.debian.org/src:oar
96: https://www.debian.org/security/2016/dsa-3544
97: https://packages.debian.org/src:python-django
98: https://www.debian.org/security/2016/dsa-3545
99: https://packages.debian.org/src:cgit
100: https://www.debian.org/security/2016/dsa-3546
101: https://packages.debian.org/src:optipng
102: https://www.debian.org/security/2016/dsa-3549
103: https://packages.debian.org/src:chromium-browser
104: https://www.debian.org/security/2016/dsa-3550
105: https://packages.debian.org/src:openssh
106: https://www.debian.org/security/2016/dsa-3552
107: https://packages.debian.org/src:tomcat7
108: https://www.debian.org/security/2016/dsa-3554
109: https://packages.debian.org/src:xen
110: https://www.debian.org/security/2016/dsa-3555
111: https://packages.debian.org/src:imlib2
112: https://www.debian.org/security/2016/dsa-3556
113: https://packages.debian.org/src:libgd2
114: https://www.debian.org/security/2016/dsa-3557
115: https://packages.debian.org/src:mysql-5.5
116: https://www.debian.org/security/2016/dsa-3558
117: https://packages.debian.org/src:openjdk-7
118: https://www.debian.org/security/2016/dsa-3559
119: https://packages.debian.org/src:iceweasel
120: https://www.debian.org/security/2016/dsa-3560
121: https://packages.debian.org/src:php5
122: https://www.debian.org/security/2016/dsa-3561
123: https://packages.debian.org/src:subversion
124: https://www.debian.org/security/2016/dsa-3562
125: https://packages.debian.org/src:tardiff
126: https://www.debian.org/security/2016/dsa-3563
127: https://packages.debian.org/src:poppler
128: https://www.debian.org/security/2016/dsa-3564
129: https://packages.debian.org/src:chromium-browser
130: https://www.debian.org/security/2016/dsa-3565
131: https://packages.debian.org/src:pdns
132: https://www.debian.org/security/2016/dsa-3565
133: https://packages.debian.org/src:ovito
134: https://www.debian.org/security/2016/dsa-3565
135: https://packages.debian.org/src:botan1.10
136: https://www.debian.org/security/2016/dsa-3565
137: https://packages.debian.org/src:softhsm
138: https://www.debian.org/security/2016/dsa-3565
139: https://packages.debian.org/src:qtcreator
140: https://www.debian.org/security/2016/dsa-3566
141: https://packages.debian.org/src:openssl
142: https://www.debian.org/security/2016/dsa-3567
143: https://packages.debian.org/src:libpam-sshauth
144: https://www.debian.org/security/2016/dsa-3568
145: https://packages.debian.org/src:libtasn1-6
146: https://www.debian.org/security/2016/dsa-3569
147: https://packages.debian.org/src:openafs
148: https://www.debian.org/security/2016/dsa-3570
149: https://packages.debian.org/src:mercurial
150: https://www.debian.org/security/2016/dsa-3571
151: https://packages.debian.org/src:ikiwiki
152: https://www.debian.org/security/2016/dsa-3572
153: https://packages.debian.org/src:websvn
154: https://www.debian.org/security/2016/dsa-3573
155: https://packages.debian.org/src:qemu
156: https://www.debian.org/security/2016/dsa-3574
157: https://packages.debian.org/src:libarchive
158: https://www.debian.org/security/2016/dsa-3575
159: https://packages.debian.org/src:libxstream-java
160: https://www.debian.org/security/2016/dsa-3576
161: https://packages.debian.org/src:icedove
162: https://www.debian.org/security/2016/dsa-3577
163: https://packages.debian.org/src:jansson
164: https://www.debian.org/security/2016/dsa-3578
165: https://packages.debian.org/src:libidn
166: https://www.debian.org/security/2016/dsa-3579
167: https://packages.debian.org/src:xerces-c
168: https://www.debian.org/security/2016/dsa-3580
169: https://packages.debian.org/src:imagemagick
170: https://www.debian.org/security/2016/dsa-3581
171: https://packages.debian.org/src:libndp
172: https://www.debian.org/security/2016/dsa-3582
173: https://packages.debian.org/src:expat
174: https://www.debian.org/security/2016/dsa-3583
175: https://packages.debian.org/src:swift-plugin-s3
176: https://www.debian.org/security/2016/dsa-3584
177: https://packages.debian.org/src:librsvg
178: https://www.debian.org/security/2016/dsa-3585
179: https://packages.debian.org/src:wireshark
180: https://www.debian.org/security/2016/dsa-3586
181: https://packages.debian.org/src:atheme-services
182: https://www.debian.org/security/2016/dsa-3587
183: https://packages.debian.org/src:libgd2
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+-------------------------------+--------------------------------------+
| Package | Reason |
+-------------------------------+--------------------------------------+
| lyz [184] | Depends on to-be-removed zotero- |
| | standalone-build |
| | |
| mediawiki [185] | No longer security supported |
| | |
| mediawiki-math [186] | Depends on to-be-removed mediawiki |
| | |
| zotero-standalone-build [187] | Unusable in jessie |
| | |
+-------------------------------+--------------------------------------+
184: https://packages.debian.org/src:lyz
185: https://packages.debian.org/src:mediawiki
186: https://packages.debian.org/src:mediawiki-math
187: https://packages.debian.org/src:zotero-standalone-build
Debian Installer
----------------
URLs
----
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/jessie/ChangeLog
The current stable distribution:
http://ftp.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://security.debian.org/ [188]
188: https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
signature.asc
Description: PGP signature