[SUA 44-1] Upcoming Debian GNU/Linux 7 Update (7.4)

Debian Stable Updates Announcement SUA 44-1        http://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
February 5th, 2014

Upcoming Debian GNU/Linux 7 Update (7.4)

An update to Debian GNU/Linux 7 is scheduled for Saturday, February 8th,
2014. As of now it will include the following bug fixes. They can be
found in "wheezy-proposed-updates", which is carried by all official

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@lists.debian.org on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

    Package                            Reason

    apache2                            Fix mod_rewrite log escaping (CVE-2013-1862), mod_dav denial of service (CVE-2013-1896) and segfaults in certain error conditions
    base-files                         Update for the point release
    ctdb                               Fix service stop and restart failing when trying to remove a public IP address not assigned locally
    debian-handbook                    Update for wheezy
    debian-installer                   Rebuild for the point release
    eglibc                             Several security fixes; fix SIGFPE when locale-archive has been corrupted to all zeros; kfreebsd: always put supplied extra gid as the first entry of group list in setgroups(); fix sys_ktimer_settime
    gatling                            Restore compatibility with PolarSSL security update
    gnash                              Fix playing YouTube movies using the ffmpeg media handler
    kexec-tools                        Handle x.y kernel versions
    kfreebsd-8                         Several security fixes
    kfreebsd-9                         Disable VIA hardware RNG by default; fix lseek ENXIO error condition with ZFS
    lazr.restfulclient                 Fix some concurrency issues
    libapache2-mod-rpaf                Restore accidentally dropped IPv6 patch
    libglib-object-introspection-perl  Fix incorrect memory allocation that causes segfaults in reverse-dependencies
    libhtml-formhandler-perl           Fix FTBFS
    libmicrohttpd                      Various security issues
    libnet-mac-vendor-perl             Fix FTBFS due to failing t/fetch_oui.t test
    libotr                             Disable insecure OTRv1 protocol
    linux                              Various security fixes; update to stable 3.2.54; update drm, agp to 3.4.76; fix CVE-2013-4579, CVE-2013-6368, CVE-2014-1446
    localepurge                        Fix CVE-2014-1638, unsafe tempfile creation
    lxc                                Use latest upstream provided lxc-debian; add rsync to Recommends
    mapserver                          Fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function
    nut                                Reset USB timeout to standard 5 seconds
    openssl                            Enable assembler for the arm targets; enable ec_nistp_64_gcc_128 on *-amd64
    pdns                               Fix lengths of the records.content and supermasters.ip columns
    ruby-gsl                           Remove non-free documentation
    ruby-opengl                        Remove example with unclear license
    rush                               Fix CVE-2013-6889, file access escalation
    samhain                            Disable dnmalloc for all architectures except those known to work; fix mail sending from default configuration
    spip                               Fix XSS on signature from author [CVE-2013-7303]
    tuxguitar                          Update list of supported xulrunner versions
    tzdata                             New upstream release
    vips                               Fix crash on tiff with jpeg compression
    wget                               Add support for SNI
    whois                              New upstream release; update various TLDs
    xfce4-weather-plugin               Fix abort when <hi> element is empty

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                    Reason

    iceape                     Security support removed

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org.

