-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 62-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
October 13th, 2014
-------------------------------------------------------------------------

Upcoming Debian 7 Update (7.7)

An update to Debian 7 is scheduled for Saturday, October 18th, 2014. As
of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                    Reason

at                         Only retain variables whose name consists of
                           alphanumerics and underscores, preventing jobs
                           from failing in case bash exports functions to
                           the environment with the changes from DSA-3035
axis                       Fix MITM attack on SSL caused by incomplete fix
                           for CVE-2012-5784 [CVE-2014-3596]
base-files                 Update for the point release
blender                    Fix illegal hardware instruction
ca-certificates            Update Mozilla certificate bundle; fix
                           certdata2pem.py for multiple CAs using the same
                           CKA_LABEL
debian-archive-keyring     Add jessie stable release key
debian-installer           Rebuild for the point release
debsums                    Suppress reporting conffiles which were moved to
                           a new package as modified in the old package
dwm                        Fix broken patch headers
eglibc                     Fix invalid file descriptor reuse while sending
                           DNS query; fix stack overflow issues
                           [CVE-2013-4357]; fix a localplt regression
                           introduced in version 2.13-38+deb7u3
                           [CVE-2014-0475]; fix a memory leak with dlopen()
                           and thread-local storage variables; re-include
                           all documentation, accidentally broken in
                           earlier uploads
exim4                      Stop unwanted double expansion of arguments to
                           mathematical comparison operations
                           [CVE-2014-2972]
flashplugin-nonfree        Fix downgrade vulnerability, update dependencies
foremost                   Fix invalid patch header
getfem++                   Fix broken patch headers
gnubg                      Fix crash on "end game" when gnubg is run with
                           the -t option
hawtjni                    Fix /tmp race condition with arbitrary code
                           execution [CVE-2013-2035]
ipython                    Fix remote execution via cross origin websocket
                           [CVE-2014-3429]
iso-scan                   Do not error out when searching in folders with
                           shell-special characters in their name
keyutils                   Use the default compression level for xz for
                           binary packages
kvpm                       Fix invalid patch header
libdatetime-timezone-perl  New upstream release
libplack-perl              Avoid unintended file access due to incorrect
                           stripping of trailing slashes from provided
                           paths [CVE-2014-5269]
libsnmp-session-perl       Fix perl warnings with libsocket6-perl installed
linux                      Update to upstream stable 3.2.63; update drm and
                           agp to 3.4.103; udf: avoid infinite loop when
                           processing indirect ICBs [CVE-2014-6410];
                           libceph: do not hard code max auth ticket len
                           [CVE-2014-6416 CVE-2014-6417 CVE-2014-6418]; add
                           pata_rdc to pata-modules udeb and virtio_scsi to
                           virtio-modules udeb; sp5100_tco: reject SB8x0
                           chips
live-config                Disable SSH login at boot
nana                       Rebuild with debhelper from wheezy to get rid of
                           install-info calls in maintainer scripts; add
                           dummy empty prerm script to allow upgrading the
                           package after is not available
net-snmp                   Fix "snmpd: produces error if the
                           Executables/scripts entries in snmpd.conf is
                           over 50"; security fixes [CVE-2014-2285
                           CVE-2014-3565 CVE-2012-6151]
netcfg                     Fix support for entering an ESSID manually
oss-compat                 Use softdep directives in the modprobe
                           configuration; remove oss-compat.conf when
                           removing the package
perl                       Don't recurse infinitely in Data::Dumper
                           [CVE-2014-4330]
php-getid3                 Improve fix for XXE security issue
                           [CVE-2014-2053]
postgresql-8.4             New upstream release
postgresql-9.1             New upstream release
proftpd-dfsg               Fix overlapping buffer leading to SFTP crashes
                           and stalls
qlandkartegt               Update user agent string
scotch                     Rebuild on amd64 to correct openmpi dependency
supervisor                 Fix restart and formatting problems with the
                           init script
tor                        Use correct byte order when sending the address
                           of the chosen rendezvous point to a hidden
                           service; update IP address for the gabelmoo v3
                           directory authority
tzdata                     New upstream release
unattended-upgrades        Add "oldstable" to the list of accepted origins
                           for security packages
virtinst                   Unbreak virtinst with newer python-libvirt
wireless-regdb             New upstream release
witty                      Fix symlink to jPlayer skin Blue Monday
xdg-utils                  Use /bin/echo rather than echo -e in xdg-mail

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package                    Reason

ssdeep                     Undistributable
dicomnifti                 Depends on to-be-removed ctn
ctn                        Undistributable
ctsim                      Depends on to-be-removed ctn

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".