[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Draft announcement for 7.3


Please find attached a draft announcement for Saturday's wheezy point
release (7.3).


<define-tag pagetitle>Updated Debian 7: 7.3 released</define-tag>
<define-tag release_date>2013-12-14</define-tag>
#use wml::debian::news
# $Id:

<define-tag release>7</define-tag>
<define-tag codename>wheezy</define-tag>
<define-tag revision>7.3</define-tag>

<define-tag dsa>
    <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
        <td align="center"><:
    my @p = ();
    for my $p (split (/,\s*/, "%2")) {
	push (@p, sprintf ('<a href="http://packages.debian.org/src:%s";>%s</a>', $p, $p));
    print join (", ", @p);
:></td><td align="left">%3</td></tr>

<define-tag correction>
    <tr><td><a href="http://packages.debian.org/src:%0";>%0</a></td>              <td>%1</td></tr>

<define-tag srcpkg><a href="http://packages.debian.org/src:%0";>%0</a></define-tag>

<p>The Debian project is pleased to announce the third update of its
stable distribution Debian <release> (codename <q><codename></q>). 
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems.  Security advisories
were already published separately and are referenced where available.</p>

<p>Please note that this update does not constitute a new version of Debian
<release> but only updates some of the packages included.  There is
no need to throw away old <q><codename></q> CDs or DVDs but only to update
via an up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.</p>

<p>Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.</p>

<p>New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.</p>

<p>Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:</p>

<div class="center">
  <a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>

<h2>Miscellaneous Bugfixes</h2>

<p>This stable update adds a few important corrections to the following
<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>
<correction apt                              "Fix handling of :any in single-arch systems and processing of .debs over 2GB in size">
<correction apt-listbugs                     "Insecure use of temporary files">
<correction base-files                       "Update for point release">
<correction bootchart                        "Fix upgrade path from machines which had lenny's bootchart installed">
<correction darktable                        "Fix CVE-2013-1438; fix CVE-2013-1439">
<correction distro-info-data                 "Add Ubuntu 14.04, Trusty Tahr">
<correction expat                            "Do not ship pkgconfig files">
<correction fcitx-cloudpinyin                "Use Google by default, to replace no longer available previous default">
<correction firebird2.5                      "Final 2.5.2 release, bug fixes">
<correction gnome-settings-daemon            "Remove no longer required patch which makes syndaemon almost useless">
<correction gtk+3.0                          "Load the file icon via a data: URI, to work with librsvg's new origin policy">
<correction iftop                            "Fix memory leak">
<correction intel-microcode                  "New upstream update">
<correction kfreebsd-9                       "Disable 101_nullfs_vsock.diff">
<correction libdatetime-timezone-perl        "New upstream version">
<correction libguestfs                       "Fix CVE-2013-4419: insecure temporary directory handling for remote guestfish">
<correction libnet-server-perl               "Fix use of uninitialized value in pattern match">
<correction libnet-smtp-tls-butmaintained-perl "Fix misuse of IO::Socket::SSL in the SSL_version argument">
<correction librsvg                          "Fix CVE-2013-1881: disable loading of external entities">
<correction lua-sql                          "Restore multiarch co-installability">
<correction meep-lam4                        "Move /usr/include/meep-lam4 to /usr/include/meep; fixes building against the -dev package">
<correction meep-mpi-default                 "Move /usr/include/meep-mpi-default to /usr/include/meep; fixes building against the -dev package">
<correction meep-mpich2                      "Move /usr/include/meep-mpich2 to /usr/include/meep; fixes building against the -dev package">
<correction meep-openmpi                     "Move /usr/include/meep-openmpi to /usr/include/meep; fixes building against the -dev package">
<correction multipath-tools                  "Restore <q>dmsetup export</q> workaround, lost in previous upload">
<correction nagios3                          "Stop status.cgi listing unauthorised hosts and services, miscellaneous bug fixes">
<correction nsd3                             "Add $network to Required-Start">
<correction openttd                          "Fix CVE-2013-6411 (DoS)">
<correction postgresql-8.4                   "New upstream micro-release">
<correction postgresql-9.1                   "New upstream micro-release">
<correction rtkit                            "Fix access restriction bypass via polkit race condition">
<correction ruby-passenger                   "Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage">
<correction scikit-learn                     "Move joblib to Depends from Recommends">
<correction smplayer                         "Don't append -fontconfig to the command line options for Mplayer2 to prevent crash at startup">
<correction starpu                           "Remove non-free example material">
<correction starpu-contrib                   "Remove non-free example material">
<correction tzdata                           "New upstream release">
<correction usemod-wiki                      "Update hardcoded cookie expiration date from 2013 to 2025">
<correction xfce4-weather-plugin             "Update weather.com API URI">

<h2>Security Updates</h2>

<p>This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:</p>

<table border=0>
<tr><th>Advisory ID</th>  <th>Package</th>    <th>Correction(s)</th></tr>

<dsa 2013 2738 ruby1.9.1               "Multiple issues">
<dsa 2013 2769 kfreebsd-9              "Multiple issues">
<dsa 2013 2770 torque                  "Authentication bypass">
<dsa 2013 2771 nas                     "Multiple issues">
<dsa 2013 2772 typo3-src               "Cross-site scripting">
<dsa 2013 2773 gnupg                   "Multiple issues">
<dsa 2013 2774 gnupg2                  "Multiple issues">
<dsa 2013 2775 ejabberd                "Insecure SSL usage">
<dsa 2013 2777 systemd                 "Multiple issues">
<dsa 2013 2778 libapache2-mod-fcgid    "Heap-based buffer overflow">
<dsa 2013 2779 libxml2                 "Denial of service">
<dsa 2013 2781 python-crypto           "PRNG not correctly reseeded in some situations">
<dsa 2013 2782 polarssl                "Multiple issues">
<dsa 2013 2784 xorg-server             "Use-after-free">
<dsa 2013 2785 chromium-browser        "Multiple issues">
<dsa 2013 2786 icu                     "Multiple issues">
<dsa 2013 2787 roundcube               "Design error">
<dsa 2013 2788 iceweasel               "Multiple issues">
<dsa 2013 2789 strongswan              "Denial of service and authorization bypass">
<dsa 2013 2790 nss                     "Uninitialized memory read">
<dsa 2013 2791 tryton-client           "Missing input sanitization">
<dsa 2013 2792 wireshark               "Multiple issues">
<dsa 2013 2794 spip                    "Multiple issues">
<dsa 2013 2795 lighttpd                "Multiple issues">
<dsa 2013 2796 torque                  "Arbitrary code execution">
<dsa 2013 2798 curl                    "Unchecked ssl certificate host name">
<dsa 2013 2799 chromium-browser        "Multiple issues">
<dsa 2013 2800 nss                     "Buffer overflow">
<dsa 2013 2801 libhttp-body-perl       "Design error">
<dsa 2013 2802 nginx                   "Restriction bypass">
<dsa 2013 2803 quagga                  "Multiple issues">
<dsa 2013 2804 drupal7                 "Multiple issues">
<dsa 2013 2805 sup-mail                "Remote command injection">
<dsa 2013 2806 nbd                     "Privilege escalation">
<dsa 2013 2807 links2                  "Integer overflow">
<dsa 2013 2808 openjpeg                "Multiple issues">
<dsa 2013 2809 ruby1.8                 "Multiple issues">
<dsa 2013 2810 ruby1.9.1               "Heap overflow">
<dsa 2013 2811 chromium-browser        "Multiple issues">


<h2>Removed packages</h2>

<p>The following packages were removed due to circumstances beyond our

<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>

<correction linky                  "License problems">
<correction iceweasel-linky        "License problems">

<h2>Debian Installer</h2>

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.


<p>The complete lists of packages that have changed with this

<div class="center">
  <url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">

<p>The current stable distribution:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/stable/";>

<p>Proposed updates to the stable distribution:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/proposed-updates";>

<p>stable distribution information (release notes, errata etc.):</p>

<div class="center">

<p>Security announcements and information:</p>

<div class="center">
  <a href="$(HOME)/security/">http://security.debian.org/</a>

<h2>About Debian</h2>

<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.</p>

<h2>Contact Information</h2>

<p>For further information, please visit the Debian web pages at <a
href="$(HOME)/">http://www.debian.org/</a>, send mail to
&lt;press@debian.org&gt;, or contact the stable release team at 

Reply to: