------------------------------------------------------------------------- Debian Stable Updates Announcement SUA 52-1 http://www.debian.org/ debian-release@lists.debian.org Adam D. Barratt April 22nd, 2014 ------------------------------------------------------------------------- Upcoming Debian GNU/Linux 7 Update (7.5) An update to Debian GNU/Linux 7 is scheduled for Saturday, April 26th, 2014. As of now it will include the following bug fixes. They can be found in "wheezy-proposed-updates", which is carried by all official mirrors. Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through "wheezy-updates". Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying "debian-release@lists.debian.org" on your mails. The point release will also include a rebuild of debian-installer. Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: Package Reason advi Explicitly pass latexdir to make, avoiding files ending up in non-FHS directories base-files Update for the point release calendarserver Update zoneinfo to tzdata 2014a catfish Fix CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 certificatepatrol Raise upper version limit again to make certificatepatrol usable with iceweasel 24 clamav New upstream version conkeror Restore compatibility with newer iceweasel versions debian-installer Add support for QNAP HS-210 docx2txt Add missing dependency on unzip erlang Fix CVE-2014-1693, checking for CR or LF in user, file or directory names in the FTP module evolution-ews Fix free/busy indicators with Exchange 2013 servers firebug Restore compatibility with newer iceweasel versions flashblock New upstream release; restores compatibility with newer iceweasel versions freeciv Fix CVE-2012-5645 and CVE-2012-6083 freerdp Fix libfreerdp-dev so that it can be compiled against glark Force use of ruby 1.8, as glark doesn't work with newer versions gorm.app Fix FTBFS greasemonkey Restore compatibility with newer iceweasel versions gst-plugins-bad0.10 Fix FTBFS related to the libmodplug upgrade in DSA 2751 intel-microcode Microcode update ktp-filetransfer-handler Fix broken kde-telepathy-filetransfer-handler-dbg on mips lcms2 Security fixes libdatetime-timezone-perl Update to tzdata 2014a libfinance-quote-perl Update URLs of Yahoo! Finance services libpdf-api2-perl Fix build failure libquvi-scripts New upstream release libsoup2.4 Fix issues with NTLM authentication against Windows 2012 libxml2 Fix memory corruption when re-using the library from threaded applications linux Update to stable 3.2.57, 3.2.55-rt81, drm/agp 3.4.86; several security fixes; e1000e,igb: backport changes up to Linux 3.13 ltsp Fix remote audio on thin clients meep Stop building with -march=native meep-openmpi Stop building with -march=native mozilla-noscript New upstream release; restores compatibility with newer iceweasel versions mp3gain Several security fixes net-snmp Fix agentx subagent issues with multiple-object requests and increasing object length (CVE-2014-2310) newsbeuter Fix FTBFS due to json's switch from boolean to json_bool nvidia-graphics-drivers New upstream release nvidia-graphics-modules Build against nvidia-kernel-source 304.117 openblas Fix hang when called from an OpenMP-using program php-getid3 Fix potential XXE security issue [CVE-2014-2053] php5 Many fixes backported from upstream polarssl Fix FTBFS bug due to expired certificates postgresql-8.4 New upstream micro-release postgresql-9.1 New upstream micro-release qemu Fix entry pointer for ELF kernels loaded with -kernel option; only allow real mode to access 32bit without LMA qemu-kvm Fix entry pointer for ELF kernels loaded with -kernel option; only allow real mode to access 32bit without LMA quassel Fix CVE-2013-6404: clients can access backlogs belonging to other users resource-agents Fix HTTPS service checking by IP address ruby-passenger Fix CVE-2014-1831 and CVE-2014-1832: insecure use of /tmp sage-extension Restore compatibility with newer iceweasel versions samba Fix CVE-2012-6150, CVE-2013-4496 samba4 Drop samba4 and winbind4 binary packages spamassassin Remove 'xxx' from the list of common fake TLDs, since it's not fake any more; remove rules referring to rfc-ignorant.org and NJABL, which have been shut down spip Fix missing escaping; update security screen subversion Fix mod_dav_svn crash when handling certain requests [CVE-2014-0032] and removal of libsvnjavahl-1.a/.la/.so from libsvn-dev sympa Fix CAS authentication issues; fix SQLite upgrade patch to avoid errors with perl <= 5.14; raise a warning instead of an error when the CA bundle file is not readable; provide the missing template help_suspend.tt2 tweepy Update to Twitter API 1.1 and use SSL tzdata New upstream release wml Remove temporary directories (ipp.*) xine-lib Fix modplug-related FTBFS xine-lib-1.2 Fix modplug-related FTBFS A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: <http://release.debian.org/proposed-updates/stable.html> Removed packages ---------------- The following packages will be removed due to circumstances beyond our control: Package Reason hlbr Broken hlbrw Depends on to-be-removed hlbr If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at "debian-release@lists.debian.org".
Attachment:
signature.asc
Description: This is a digitally signed message part