------------------------------------------------------------------------- Debian Stable Updates Announcement SUA 43-1 http://www.debian.org/ debian-release@lists.debian.org Adam D. Barratt December 11th, 2013 ------------------------------------------------------------------------- Upcoming Debian GNU/Linux 7 Update (7.3) An update to Debian GNU/Linux 7 is scheduled for Saturday, December 14th 2013. As of now it will include the following bug fixes. They can be found in "wheezy-proposed-updates", which is carried by all official mirrors. Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through "wheezy-updates". Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying "debian-release@lists.debian.org" on your mails. The point release will also include a rebuild of debian-installer. Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: Package Reason apt Fix handling of :any in single-arch systems and processing of .debs over 2GB in size apt-listbugs Insecure use of temporary files base-files Update for point release bootchart Fix upgrade path from machines which had lenny's bootchart installed darktable Fix CVE-2013-1438; fix CVE-2013-1439 distro-info-data Add Ubuntu 14.04, Trusty Tahr expat Do not ship pkgconfig files fcitx-cloudpinyin Use Google by default, to replace no longer available previous default firebird2.5 Final 2.5.2 release, bug fixes gnome-settings-daemon Remove no longer required patch which makes syndaemon almost useless gtk+3.0 Load the file icon via a data: URI, to work with librsvg's new origin policy iftop Fix memory leak intel-microcode New upstream update kfreebsd-9 Disable 101_nullfs_vsock.diff libdatetime-timezone-perl New upstream version libguestfs Fix CVE-2013-4419: insecure temporary directory handling for remote guestfish libnet-server-perl Fix use of uninitialized value in pattern match libnet-smtp-tls-butmaintained-perl Fix misuse of IO::Socket::SSL in the SSL_version argument librsvg Fix CVE-2013-1881: disable loading of external entities lua-sql Restore multiarch co-installability meep-lam4 Move /usr/include/meep-lam4 to /usr/include/meep; fixes building against the -dev package meep-mpi-default Move /usr/include/meep-mpi-default to /usr/include/meep; fixes building against the -dev package meep-mpich2 Move /usr/include/meep-mpich2 to /usr/include/meep; fixes building against the -dev package meep-openmpi Move /usr/include/meep-openmpi to /usr/include/meep; fixes building against the -dev package multipath-tools Restore "dmsetup export" workaround, lost in previous upload nagios3 Stop status.cgi listing unauthorised hosts and services, miscellaneous bug fixes nsd3 Add $network to Required-Start openttd Fix CVE-2013-6411 (DoS) postgresql-8.4 New upstream micro-release postgresql-9.1 New upstream micro-release rtkit Fix access restriction bypass via polkit race condition ruby-passenger Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage scikit-learn Move joblib to Depends from Recommends smplayer Don't append -fontconfig to the command line options for Mplayer2 to prevent crash at startup starpu Remove non-free example material starpu-contrib Remove non-free example material tzdata New upstream release usemod-wiki Update hardcoded cookie expiration date from 2013 to 2025 xfce4-weather-plugin Update weather.com API URI A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: <http://release.debian.org/proposed-updates/stable.html> If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at "debian-release@lists.debian.org".
Attachment:
signature.asc
Description: This is a digitally signed message part