-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 65-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
January 5th, 2015
-------------------------------------------------------------------------

Upcoming Debian 7 Update (7.8)

An update to Debian 7 is scheduled for Saturday, January 10th, 2015. As of
now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of them
by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                     Reason

apache2                     Fix handling of chunk trailers to avoid bypass
                            of intended mod_headers restrictions
                            [CVE-2013-5704]; fix hostname comparison with
                            SNI to be case insensitive
apt                         Retry without partial data after a 416 response
base-files                  Update debian_version for the point release
bashburn                    Fix upgrades from the old "mybashburn" package
                            in squeeze
clamav                      Fix endless loop on special crafted quantum
                            compressed cab files; new upstream version
debian-archive-keyring      Add archive signing keys for Jessie
debootstrap                 Install base-passwd and base-files in two calls
                            rather than one to avoid problems with
                            home-built media with different ordering in
                            Packages
dhcpcd5                     Fix denial of service [CVE-2014-6060]
digikam                     Add versioned Breaks/Replaces on digikam-doc,
                            to fix upgrades from Squeeze
evolution-data-server       Enable all SSL/TLS versions supported by NSS
firetray                    Increase version compatibility with icedove
freecol                     Disable intro video to avoid hanging at startup
gnustep-base                Fix security issue in gdomap [CVE-2014-2980]
                            and regression in -performSelector: with
                            message forwarding
gosa                        Fix XSS issue during login and authentication
                            against LDAP server(s) via the gosa-admin DN
intel-microcode             Disable TSX instructions in Haswell and other
                            errata
iucode-tool                 Fix a possible buffer overwrite, memory leak
                            and other issues found by coverity
libclamunrar                Update to new upstream version, in line with
                            clamav
libdatetime-timezone-perl   New upstream release; update included data
                            files to 2014j
linux                       New upstream stable release; drm, agp: Update
                            to 3.4.105; [rt] Update to 3.2.64-rt94;
                            security fixes [CVE-2014-7842, CVE-2014-8134,
                            CVE-2014-9420]
mumble                      Fix UDP communication failing until connected
                            user's mic is activated and data sent; fix
                            crash on connecting; properly HTML-escape some
                            external strings before using them in a
                            rich-text (HTML) context [CVE-2014-3756]; fix
                            client DoS via SVG images with local file
                            references [CVE-2014-3755]
netcfg                      Fix missing bounds check on nameserver array
                            iteration
nostalgy                    Update for compatibility with new icedove
                            versions from security
nvidia-graphics-drivers     New upstream release
shutdown-at-night           Check for active users before shutting down
sieve-extension             Increase version compatibility with icedove
spamassassin                Export perl_version to rules, as upstream has
                            started using it in published rules
tzdata                      New upstream release
wireless-regdb              New upstream release, with updated / added data
xulrunner                   New source package split out from iceweasel
                            (which no longer provides xulrunner in newer
                            versions)

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/stable.html>

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".