[SUA 62-1] Upcoming Debian 7 Update (7.7)

Debian Stable Updates Announcement SUA 62-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt           
October 13th, 2014

Upcoming Debian 7 Update (7.7)

An update to Debian 7 is scheduled for Saturday, October 18th, 2014. As
of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

    Package                       Reason

    at                            Only retain variables whose name consists of alphanumerics and underscores, preventing jobs from failing in case bash exports functions to the environment with the changes from DSA-3035
    axis                          Fix MITM attack on SSL caused by incomplete fix for CVE-2012-5784 [CVE-2014-3596]
    base-files                    Update for the point release
    blender                       Fix illegal hardware instruction
    ca-certificates               Update Mozilla certificate bundle; fix certdata2pem.py for multiple CAs using the same CKA_LABEL
    debian-archive-keyring        Add jessie stable release key
    debian-installer              Rebuild for the point release
    debsums                       Suppress reporting conffiles which were moved to a new package as modified in the old package
    dwm                           Fix broken patch headers
    eglibc                        Fix invalid file descriptor reuse while sending DNS query; fix stack overflow issues [CVE-2013-4357]; fix a localplt regression introduced in version 2.13-38+deb7u3 [CVE-2014-0475]; fix a memory leak with dlopen() and thread-local storage variables; re-include all documentation, accidentally broken in earlier uploads
    exim4                         Stop unwanted double expansion of arguments to mathematical comparison operations [CVE-2014-2972]
    flashplugin-nonfree           Fix downgrade vulnerability, update dependencies
    foremost                      Fix invalid patch header
    getfem++                      Fix broken patch headers
    gnubg                         Fix crash on "end game" when gnubg is run with the -t option
    hawtjni                       Fix /tmp race condition with arbitrary code execution [CVE-2013-2035]
    ipython                       Fix remote execution via cross origin websocket [CVE-2014-3429]
    iso-scan                      Do not error out when searching in folders with shell-special characters in their name
    keyutils                      Use the default compression level for xz for binary packages
    kvpm                          Fix invalid patch header
    libdatetime-timezone-perl     New upstream release
    libplack-perl                 Avoid unintended file access due to incorrect stripping of trailing slashes from provided paths [CVE-2014-5269]
    libsnmp-session-perl          Fix perl warnings with libsocket6-perl installed
    linux                         Update to upstream stable 3.2.63; update drm and agp to 3.4.103; udf: avoid infinite loop when processing indirect ICBs [CVE-2014-6410]; libceph: do not hard code max auth ticket len [CVE-2014-6416 CVE-2014-6417 CVE-2014-6418]; add pata_rdc to pata-modules udeb and virtio_scsi to virtio-modules udeb; sp5100_tco: reject SB8x0 chips
    live-config                   Disable SSH login at boot
    nana                          Rebuild with debhelper from wheezy to get rid of install-info calls in maintainer scripts; add dummy empty prerm script to allow upgrading the package after is not available
    net-snmp                      Fix "snmpd: produces error if the Executables/scripts entries in snmpd.conf is over 50"; security fixes [CVE-2014-2285 CVE-2014-3565 CVE-2012-6151]
    netcfg                        Fix support for entering an ESSID manually
    oss-compat                    Use softdep directives in the modprobe configuration; remove oss-compat.conf when removing the package
    perl                          Don't recurse infinitely in Data::Dumper [CVE-2014-4330]
    php-getid3                    Improve fix for XXE security issue [CVE-2014-2053]
    postgresql-8.4                New upstream release
    postgresql-9.1                New upstream release
    proftpd-dfsg                  Fix overlapping buffer leading to SFTP crashes and stalls
    qlandkartegt                  Update user agent string
    scotch                        Rebuild on amd64 to correct openmpi dependency
    supervisor                    Fix restart and formatting problems with the init script
    tor                           Use correct byte order when sending the address of the chosen rendezvous point to a hidden service; update IP address for the gabelmoo v3 directory authority
    tzdata                        New upstream release
    unattended-upgrades           Add "oldstable" to the list of accepted origins for security packages
    virtinst                      Unbreak virtinst with newer python-libvirt
    wireless-regdb                New upstream release
    witty                         Fix symlink to jPlayer skin Blue Monday
    xdg-utils                     Use /bin/echo rather than echo -e in xdg-mail

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                       Reason

    ssdeep                        Undistributable
    dicomnifti                    Depends on to-be-removed ctn
    ctn                           Undistributable
    ctsim                         Depends on to-be-removed ctn
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
