-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 62-1 https://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
October 13th, 2014
-------------------------------------------------------------------------
Upcoming Debian 7 Update (7.7)
An update to Debian 7 is scheduled for Saturday, October 18th, 2014. As
of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.
Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".
Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.
The point release will also include a rebuild of debian-
installer.
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
Package Reason
at Only retain variables whose name consists of alphanumerics and underscores, preventing jobs from failing in case bash exports functions to the environment with the changes from DSA-3035
axis Fix MITM attack on SSL caused by incomplete fix for CVE-2012-5784 [CVE-2014-3596]
base-files Update for the point release
blender Fix illegal hardware instruction
ca-certificates Update Mozilla certificate bundle; fix certdata2pem.py for multiple CAs using the same CKA_LABEL
debian-archive-keyring Add jessie stable release key
debian-installer Rebuild for the point release
debsums Suppress reporting conffiles which were moved to a new package as modified in the old package
dwm Fix broken patch headers
eglibc Fix invalid file descriptor reuse while sending DNS query; fix stack overflow issues [CVE-2013-4357]; fix a localplt regression introduced in version 2.13-38+deb7u3 [CVE-2014-0475]; fix a memory leak with dlopen() and thread-local storage variables; re-include all documentation, accidentally broken in earlier uploads
exim4 Stop unwanted double expansion of arguments to mathematical comparison operations [CVE-2014-2972]
flashplugin-nonfree Fix downgrade vulnerability, update dependencies
foremost Fix invalid patch header
getfem++ Fix broken patch headers
gnubg Fix crash on "end game" when gnubg is run with the -t option
hawtjni Fix /tmp race condition with arbitrary code execution [CVE-2013-2035]
ipython Fix remote execution via cross origin websocket [CVE-2014-3429]
iso-scan Do not error out when searching in folders with shell-special characters in their name
keyutils Use the default compression level for xz for binary packages
kvpm Fix invalid patch header
libdatetime-timezone-perl New upstream release
libplack-perl Avoid unintended file access due to incorrect stripping of trailing slashes from provided paths [CVE-2014-5269]
libsnmp-session-perl Fix perl warnings with libsocket6-perl installed
linux Update to upstream stable 3.2.63; update drm and agp to 3.4.103; udf: avoid infinite loop when processing indirect ICBs [CVE-2014-6410]; libceph: do not hard code max auth ticket len [CVE-2014-6416 CVE-2014-6417 CVE-2014-6418]; add pata_rdc to pata-modules udeb and virtio_scsi to virtio-modules udeb; sp5100_tco: reject SB8x0 chips
live-config Disable SSH login at boot
nana Rebuild with debhelper from wheezy to get rid of install-info calls in maintainer scripts; add dummy empty prerm script to allow upgrading the package after is not available
net-snmp Fix "snmpd: produces error if the Executables/scripts entries in snmpd.conf is over 50"; security fixes [CVE-2014-2285 CVE-2014-3565 CVE-2012-6151]
netcfg Fix support for entering an ESSID manually
oss-compat Use softdep directives in the modprobe configuration; remove oss-compat.conf when removing the package
perl Don't recurse infinitely in Data::Dumper [CVE-2014-4330]
php-getid3 Improve fix for XXE security issue [CVE-2014-2053]
postgresql-8.4 New upstream release
postgresql-9.1 New upstream release
proftpd-dfsg Fix overlapping buffer leading to SFTP crashes and stalls
qlandkartegt Update user agent string
scotch Rebuild on amd64 to correct openmpi dependency
supervisor Fix restart and formatting problems with the init script
tor Use correct byte order when sending the address of the chosen rendezvous point to a hidden service; update IP address for the gabelmoo v3 directory authority
tzdata New upstream release
unattended-upgrades Add "oldstable" to the list of accepted origins for security packages
virtinst Unbreak virtinst with newer python-libvirt
wireless-regdb New upstream release
witty Fix symlink to jPlayer skin Blue Monday
xdg-utils Use /bin/echo rather than echo -e in xdg-mail
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<https://release.debian.org/proposed-updates/stable.html>
Removed packages
----------------
The following packages will be removed due to circumstances beyond our
control:
Package Reason
ssdeep Undistributable
dicomnifti Depends on to-be-removed ctn
ctn Undistributable
ctsim Depends on to-be-removed ctn
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
Attachment:
signature.asc
Description: This is a digitally signed message part