[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SUA 80-1] Upcoming Debian 8 Update (8.1)

Debian Stable Updates Announcement SUA 80-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
June 1st, 2015

Upcoming Debian 8 Update (8.1)

An update to Debian 8 is scheduled for Saturday, June 6th, 2015. As of
now it will include the following bug fixes. They can be found in
"jessie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "jessie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include an updated debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

  Package                       Reason

  base-files                  Update for the point release
  berkeley-abc                Fix big-endian issues, memory alignment and reproducible build
  blackbox                    Fix possible loss of focus when clicking on a window
  caja                        Postpone automount actions while session locked by screensaver
  clamav                      Fix clamav-daemon installability with custom PidFile; new upstream version
  cproto                      Make -X command line option work again
  cwm                         Fix "Lookups for 'exec' and 'wm' fail on XFS" by adding an extra check using lstat() if the d_type check fails
  dbus                        Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus
  debian-lan-config           Fix package names on i386; switch back to nfsv3 to avoid freezes; disable adzapper and browser-plugin-gnash as they're not in Jessie; add libcgi-fast-perl to make the zoom in munin work; make installation of sudo-ldap and exim4-daemon-heavy more robust
  didjvu                      Fix insecure tempfile use
  ejabberd                    Add --enable-transient_supervisors build-flag; accept trailing newline characters in Base64 strings; drop debian/ejabberd.8 as there is no "ejabberd" executable any more
  exactimage                  Integer overflow in the ljpeg_start function in dcraw [CVE-2015-3885]
  fai                         Setup-storage: add support for parted 2.4; fai: Fix IP address lifetime
  feed2imap                   Fix filter usage and "include-images" option
  freeorion                   Fix build failure
  ganeti                      New upstream stable release
  gdnsd                       Fix incorrect error message, per-address level udp_recv_width option limit, plugin_extmon bugfix for bad timeout/interval behaviour if either >255s, fix possible binding to incorrect port on startup
  gnome-shell                 Upstream bugfix and translation update; workaround issue with wallpaper breaking after resume with nvidia drivers
  gnutls28                    Fix use-after-free flaw in gnutls_x509_ext_import_crl_dist_points() [CVE-2015-3308]
  hello                       Test upload for jessie-security
  ibus-cangjie                Fix duplicate character issue, Python tracebacks, placement of candidate popup and Taiwanese translation
  installation-guide          Remove mention of kfreebsd as supported arches for Jessie; revert to documenting that the text installer is still the default; fix kernel source compression extension in kernel-baking.xml; add an example preseed entry for setting up multi-arch; fix custom revision in make-kpkg example
  ircd-hybrid                 Fix a DoS from localhost clients; configuration script no longer ignores the result of upgrade questions; support chained SSL certificates; don't display upgrade warnings on new installs
  lastpass-cli                Update upstream CA certificate
  libav                       Fix use of illegal instruction on i586
  libdatetime-timezone-perl   New upstream release
  libi18n-charset-perl        Remove a stray 'use blib' line
  libinfinity                 Fix certificate verification with trusted CAs, a client-side crash when the server shuts down and some assertion failures and inconsistencies in InfTextFixlineBuffer [CVE-2015-3886]
  libraw                      Fix DoS via crafted image [CVE-2015-3885]
  libvncserver                Fix libgcrypt init before use; replace non-free SHA1 implementation
  linux                       Update to upstream 3.16.7-ctk11; ext4: fix data corruption caused by unwritten and delayed extents; libata: update Crucial/Micron blacklist, blacklist queued TRIM on Samsung SSD 850 Pro; USB: Add support for XHCI on APM Mustang
  mate-desktop                Add libstartup-notification0-dev and libdconf-dev to the dependencies of libmate-desktop-dev
  mate-netbook                Ensure Window Picker applet doesn't override mate-maximus
  mate-utils                  Show correct error message if loading of the mate-screenshot UI fails
  mew                         Tighten e-mail address match to avoid incorrect key being used for encryption
  mew-beta                    Tighten e-mail address match to avoid incorrect key being used for encryption
  multipath-tools             Include dm-service-time in the initramfs as it's now the default, fixing boot from multipath
  mutter                      Upstream bugfix and translation update; workaround issue with wallpaper breaking after resume with nvidia drivers
  needrestart                 Fix warnings and errors if a process has not got a valid cwd; fix kernel version sorting; fix Perl warnings while scanning dangling kernel symlinks
  node-groove                 Fix CPU usage
  open-iscsi                  Ensure udebs are populated on all architectures
  opencv                      Build with -march=i586 instead of -march=i686 on i386
  openstack-debian-images     Disable /etc/modules update for acpiphp and pci_hotplug; add security repository to Jessie images; fix ACPI shutdown for Wheezy and Jessie
  osmosis                     Fix java.lang.ClassCastException for java.util.HashMap to org.openstreetmap.osmosis.hstore.PGHStore
  pdf2djvu                    Fix insecure tempfile usage
  pdns                        Security update
  pdns-recursor               Security update
  perl                        Make the perl debugger work with threaded programs again
  pgbouncer                   Fix remote crash - invalid packet order causes lookup of NULL pointer [CVE-2015-4054]
  php-horde                   Fix XSS in group administration
  php-horde-passwd            Fix password change via Kolab driver
  phpbb3                      Fix possible redirect vulnerability [CVE-2015-3880]
  python-dbusmock             Prevent code execution through crafted pyc files [CVE-2015-1326]
  qcontrol                    Wait for necessary devices to appear before starting, working around an issue exposed by systemd LSB compatibility mode
  qt4-x11                     Fix crashes in GIF, BMP and ICO decoders [CVE-2015-1858 CVE-2015-1859 CVE-2015-1860]
  qtbase-opensource-src       Fix crashes in GIF, BMP and ICO decoders [CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860]
  ruby-defaults               Add "Conflicts: ruby-activesupport-2.3" to help upgrades from Wheezy
  semi                        Tighten e-mail address match to avoid incorrect key being used for encryption
  smstools                    Drop non-policy-compliant "reload" option from the init script; use "force-reload" for logrotate
  systemd                     Revert immediate SIGKILLing of units during shutdown, leading to cleanup failures; write_net_rules: escape '{' and '}'
  tasksel                     Make task-xfce-desktop recommend evince-gtk | evince instead of just evince-gtk, making the GNOME and Xfce desktop tasks co-installable
  tecnoballz                  Fix multiple gameplay issues - minimum distance of bouncers to walls in boss levels, gigablitz gague not working, right click could exit game
  tlsdate                     Switch from www.ptb.de to www.google.com as the former is now sending randomized gmt values
  torbrowser-launcher         Handle paths which changed in the torbrowser 4.5 release; remove no longer working "accept links" folder; stop acting as default browser
  translate-shell             Restore functionality by switching to new Google Translate API
  tzdata                      New upstream release
  ulogd2                      Correct JSON output of integer types on big-endian systems
  unattended-upgrades         Fix default configuration to match jessie-security
  usemod-wiki                 Adjust startform/endform to start_form/end_form for compatibility with libcgi-pm-perl
  virtualbox                  Fix crash in raw mode; fix kernel paging issue, enabling operation on Broadwell CPUs
  win32-loader                Replace the Joy screenshot by a recent Lines screenshot; replace http.debian.net with httpredir.debian.org

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: