-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 43-1 http://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
December 11th, 2013
-------------------------------------------------------------------------
Upcoming Debian GNU/Linux 7 Update (7.3)
An update to Debian GNU/Linux 7 is scheduled for Saturday, December 14th
2013. As of now it will include the following bug fixes. They can be
found in "wheezy-proposed-updates", which is carried by all official
mirrors.
Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".
Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.
The point release will also include a rebuild of debian-installer.
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
Package Reason
apt Fix handling of :any in single-arch systems and processing of .debs over 2GB in size
apt-listbugs Insecure use of temporary files
base-files Update for point release
bootchart Fix upgrade path from machines which had lenny's bootchart installed
darktable Fix CVE-2013-1438; fix CVE-2013-1439
distro-info-data Add Ubuntu 14.04, Trusty Tahr
expat Do not ship pkgconfig files
fcitx-cloudpinyin Use Google by default, to replace no longer available previous default
firebird2.5 Final 2.5.2 release, bug fixes
gnome-settings-daemon Remove no longer required patch which makes syndaemon almost useless
gtk+3.0 Load the file icon via a data: URI, to work with librsvg's new origin policy
iftop Fix memory leak
intel-microcode New upstream update
kfreebsd-9 Disable 101_nullfs_vsock.diff
libdatetime-timezone-perl New upstream version
libguestfs Fix CVE-2013-4419: insecure temporary directory handling for remote guestfish
libnet-server-perl Fix use of uninitialized value in pattern match
libnet-smtp-tls-butmaintained-perl Fix misuse of IO::Socket::SSL in the SSL_version argument
librsvg Fix CVE-2013-1881: disable loading of external entities
lua-sql Restore multiarch co-installability
meep-lam4 Move /usr/include/meep-lam4 to /usr/include/meep; fixes building against the -dev package
meep-mpi-default Move /usr/include/meep-mpi-default to /usr/include/meep; fixes building against the -dev package
meep-mpich2 Move /usr/include/meep-mpich2 to /usr/include/meep; fixes building against the -dev package
meep-openmpi Move /usr/include/meep-openmpi to /usr/include/meep; fixes building against the -dev package
multipath-tools Restore "dmsetup export" workaround, lost in previous upload
nagios3 Stop status.cgi listing unauthorised hosts and services, miscellaneous bug fixes
nsd3 Add $network to Required-Start
openttd Fix CVE-2013-6411 (DoS)
postgresql-8.4 New upstream micro-release
postgresql-9.1 New upstream micro-release
rtkit Fix access restriction bypass via polkit race condition
ruby-passenger Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage
scikit-learn Move joblib to Depends from Recommends
smplayer Don't append -fontconfig to the command line options for Mplayer2 to prevent crash at startup
starpu Remove non-free example material
starpu-contrib Remove non-free example material
tzdata New upstream release
usemod-wiki Update hardcoded cookie expiration date from 2013 to 2025
xfce4-weather-plugin Update weather.com API URI
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<http://release.debian.org/proposed-updates/stable.html>
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
Attachment:
signature.asc
Description: This is a digitally signed message part