-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 44-1 http://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
February 5th, 2014
-------------------------------------------------------------------------
Upcoming Debian GNU/Linux 7 Update (7.4)
An update to Debian GNU/Linux 7 is scheduled for Saturday, February 8th,
2014. As of now it will include the following bug fixes. They can be
found in "wheezy-proposed-updates", which is carried by all official
mirrors.
Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".
Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@lists.debian.org on your mails.
The point release will also include a rebuild of debian-installer.
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
Package Reason
apache2 Fix mod_rewrite log escaping (CVE-2013-1862), mod_dav denial of service (CVE-2013-1896) and segfaults in certain error conditions
base-files Update for the point release
ctdb Fix service stop and restart failing when trying to remove a public IP address not assigned locally
debian-handbook Update for wheezy
debian-installer Rebuild for the point release
eglibc Several security fixes; fix SIGFPE when locale-archive has been corrupted to all zeros; kfreebsd: always put supplied extra gid as the first entry of group list in setgroups(); fix sys_ktimer_settime
gatling Restore compatibility with PolarSSL security update
gnash Fix playing youtube movies using the ffmpeg media handler
kexec-tools Handle x.y kernel versions
kfreebsd-8 Several security fixes
kfreebsd-9 Disable VIA hardware RNG by default; fix lseek ENXIO error condition with ZFS
lazr.restfulclient Fix some concurrency issues
libapache2-mod-rpaf Restore accidentally dropped ipv6 patch
libglib-object-introspection-perl Fix incorrect memory allocation that causes segfaults in reverse-dependencies
libhtml-formhandler-perl Fix FTBFS
libmicrohttpd Various security issues
libnet-mac-vendor-perl Fix FTBFS due to failing t/fetch_oui.t test
libotr Disable insecure OTRv1 protocol
linux Various security fixes; update to stable 3.2.54; update drm, agp to 3.4.76; fix CVE-2013-4579, CVE-2013-6368, CVE-2014-1446
localepurge Fix CVE-2014-1638, unsafe tempfile creation
lxc Use latest upstream provided lxc-debian; add rsync to Recommends
mapserver Fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function
nut Reset USB timeout to standard 5 seconds
openssl Enable assembler for the arm targets; enable ec_nistp_64_gcc_128 on *-amd64
pdns Fix lengths of the records.content and supermasters.ip columns
ruby-gsl Remove non-free documentation
ruby-opengl Remove example with unclear license
rush Fix CVE-2013-6889, file access escalation
samhain Disable dnmalloc for all architectures expect those known to work; fix mail sending from default configuration
spip Fix XSS on signature from author [CVE-2013-7303]
tuxguitar Update list of supported xulrunner versions
tzdata New upstream release
vips Fix crash on tiff with jpeg compression
wget Add support for SNI
whois New upstream release; update various TLDs
xfce4-weather-plugin Fix abort when <hi> element is empty
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<http://release.debian.org/proposed-updates/stable.html>
Removed packages
----------------
The following packages will be removed due to circumstances beyond our
control:
Package Reason
iceape Security support removed
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org.
Attachment:
signature.asc
Description: This is a digitally signed message part