-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 65-1 https://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
January 5th, 2015
-------------------------------------------------------------------------
Upcoming Debian 7 Update (7.8)
An update to Debian 7 is scheduled for Saturday, January 10th, 2015. As
of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.
Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".
Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.
The point release will also include a rebuild of debian-installer.
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
Package Reason
apache2 Fix handling of chunk trailers to avoid bypass of intended mod_headers restrictions [CVE-2013-5704]; fix hostname comparison with SNI to be case insensitive
apt Retry without partial data after a 416 response
base-files Update debian_version for the point release
bashburn Fix upgrades from the old "mybashburn" package in squeeze
clamav Fix endless loop on special crafted quantum compressed cab files; new upstream version
debian-archive-keyring Add archive signing keys for Jessie
debootstrap Install base-passwd and base-files in two calls rather than one to avoid problems with home-built media with different ordering in Packages
dhcpcd5 Fix denial of service [CVE-2014-6060]
digikam Add versioned Breaks/Replaces on digikam-doc, to fix upgrades from Squeeze
evolution-data-server Enable all SSL/TLS versions supported by NSS
firetray Increase version compatibility with icedove
freecol Disable intro video to avoid hanging at startup
gnustep-base Fix security issue in gdomap [CVE-2014-2980] and regression in -performSelector: with message forwarding
gosa Fix XSS issue during login and authentication against LDAP server(s) via the gosa-admin DN
intel-microcode Disable TSX instructions in Haswell and other errata
iucode-tool Fix a possible buffer overwrite, memory leak and other issues found by coverity
libclamunrar Update to new upstream version, in line with clamav
libdatetime-timezone-perl New upstream release; update included data files to 2014j
linux New upstream stable release; drm, agp: Update to 3.4.105; [rt] Update to 3.2.64-rt94; security fixes [CVE-2014-7842, CVE-2014-8134, CVE-2014-9420]
mumble Fix UDP communication failing until connected user's mic is activated and data sent; fix crash on connecting; properly HTML-escape some external strings before using them in a rich-text (HTML) context [CVE-2014-3756]; fix client DoS via SVG images with local file references [CVE-2014-3755]
netcfg Fix missing bounds check on nameserver array iteration
nostalgy Update for compatibility with new icedove versions from security
nvidia-graphics-drivers New upstream release
shutdown-at-night Check for active users before shutting down
sieve-extension Increase version compatibility with icedove
spamassassin Export perl_version to rules, as upstream has started using it in published rules
tzdata New upstream release
wireless-regdb New upstream release, with updated / added data
xulrunner New source package split out from iceweasel (which no longer provides xulrunner in newer versions)
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<https://release.debian.org/proposed-updates/stable.html>
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
Attachment:
signature.asc
Description: This is a digitally signed message part