-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 80-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
June 1st, 2015
-------------------------------------------------------------------------

Upcoming Debian 8 Update (8.1)

An update to Debian 8 is scheduled for Saturday, June 6th, 2015. As of
now it will include the following bug fixes. They can be found in
"jessie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "jessie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include an updated debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                    Reason

base-files                 Update for the point release
berkeley-abc               Fix big-endian issues, memory alignment and
                           reproducible build
blackbox                   Fix possible loss of focus when clicking on a
                           window
caja                       Postpone automount actions while session locked
                           by screensaver
clamav                     Fix clamav-daemon installability with custom
                           PidFile; new upstream version
cproto                     Make -X command line option work again
cwm                        Fix "Lookups for 'exec' and 'wm' fail on XFS"
                           by adding an extra check using lstat() if the
                           d_type check fails
dbus                       Change the default configuration for the
                           session bus to only allow EXTERNAL
                           authentication (secure kernel-mediated
                           credentials-passing), as was already done for
                           the system bus
debian-lan-config          Fix package names on i386; switch back to nfsv3
                           to avoid freezes; disable adzapper and
                           browser-plugin-gnash as they're not in Jessie;
                           add libcgi-fast-perl to make the zoom in munin
                           work; make installation of sudo-ldap and
                           exim4-daemon-heavy more robust
didjvu                     Fix insecure tempfile use
ejabberd                   Add --enable-transient_supervisors build-flag;
                           accept trailing newline characters in Base64
                           strings; drop debian/ejabberd.8 as there is no
                           "ejabberd" executable any more
exactimage                 Integer overflow in the ljpeg_start function in
                           dcraw [CVE-2015-3885]
fai                        Setup-storage: add support for parted 2.4; fai:
                           Fix IP address lifetime
feed2imap                  Fix filter usage and "include-images" option
freeorion                  Fix build failure
ganeti                     New upstream stable release
gdnsd                      Fix incorrect error message, per-address level
                           udp_recv_width option limit, plugin_extmon
                           bugfix for bad timeout/interval behaviour if
                           either >255s, fix possible binding to incorrect
                           port on startup
gnome-shell                Upstream bugfix and translation update;
                           workaround issue with wallpaper breaking after
                           resume with nvidia drivers
gnutls28                   Fix use-after-free flaw in
                           gnutls_x509_ext_import_crl_dist_points()
                           [CVE-2015-3308]
hello                      Test upload for jessie-security
ibus-cangjie               Fix duplicate character issue, Python
                           tracebacks, placement of candidate popup and
                           Taiwanese translation
installation-guide         Remove mention of kfreebsd as supported arches
                           for Jessie; revert to documenting that the text
                           installer is still the default; fix kernel
                           source compression extension in
                           kernel-baking.xml; add an example preseed entry
                           for setting up multi-arch; fix custom revision
                           in make-kpkg example
ircd-hybrid                Fix a DoS from localhost clients; configuration
                           script no longer ignores the result of upgrade
                           questions; support chained SSL certificates;
                           don't display upgrade warnings on new installs
lastpass-cli               Update upstream CA certificate
libav                      Fix use of illegal instruction on i586
libdatetime-timezone-perl  New upstream release
libi18n-charset-perl       Remove a stray 'use blib' line
libinfinity                Fix certificate verification with trusted CAs,
                           a client-side crash when the server shuts down
                           and some assertion failures and inconsistencies
                           in InfTextFixlineBuffer [CVE-2015-3886]
libraw                     Fix DoS via crafted image [CVE-2015-3885]
libvncserver               Fix libgcrypt init before use; replace non-free
                           SHA1 implementation
linux                      Update to upstream 3.16.7-ctk11; ext4: fix data
                           corruption caused by unwritten and delayed
                           extents; libata: update Crucial/Micron
                           blacklist, blacklist queued TRIM on Samsung SSD
                           850 Pro; USB: Add support for XHCI on APM
                           Mustang
mate-desktop               Add libstartup-notification0-dev and
                           libdconf-dev to the dependencies of
                           libmate-desktop-dev
mate-netbook               Ensure Window Picker applet doesn't override
                           mate-maximus
mate-utils                 Show correct error message if loading of the
                           mate-screenshot UI fails
mew                        Tighten e-mail address match to avoid incorrect
                           key being used for encryption
mew-beta                   Tighten e-mail address match to avoid incorrect
                           key being used for encryption
multipath-tools            Include dm-service-time in the initramfs as
                           it's now the default, fixing boot from
                           multipath
mutter                     Upstream bugfix and translation update;
                           workaround issue with wallpaper breaking after
                           resume with nvidia drivers
needrestart                Fix warnings and errors if a process has not
                           got a valid cwd; fix kernel version sorting;
                           fix Perl warnings while scanning dangling
                           kernel symlinks
node-groove                Fix CPU usage
open-iscsi                 Ensure udebs are populated on all architectures
opencv                     Build with -march=i586 instead of -march=i686
                           on i386
openstack-debian-images    Disable /etc/modules update for acpiphp and
                           pci_hotplug; add security repository to Jessie
                           images; fix ACPI shutdown for Wheezy and Jessie
osmosis                    Fix java.lang.ClassCastException for
                           java.util.HashMap to
                           org.openstreetmap.osmosis.hstore.PGHStore
pdf2djvu                   Fix insecure tempfile usage
pdns                       Security update
pdns-recursor              Security update
perl                       Make the perl debugger work with threaded
                           programs again
pgbouncer                  Fix remote crash - invalid packet order causes
                           lookup of NULL pointer [CVE-2015-4054]
php-horde                  Fix XSS in group administration
php-horde-passwd           Fix password change via Kolab driver
phpbb3                     Fix possible redirect vulnerability
                           [CVE-2015-3880]
python-dbusmock            Prevent code execution through crafted pyc
                           files [CVE-2015-1326]
qcontrol                   Wait for necessary devices to appear before
                           starting, working around an issue exposed by
                           systemd LSB compatibility mode
qt4-x11                    Fix crashes in GIF, BMP and ICO decoders
                           [CVE-2015-1858 CVE-2015-1859 CVE-2015-1860]
qtbase-opensource-src      Fix crashes in GIF, BMP and ICO decoders
                           [CVE-2015-0295 CVE-2015-1858 CVE-2015-1859
                           CVE-2015-1860]
ruby-defaults              Add "Conflicts: ruby-activesupport-2.3" to help
                           upgrades from Wheezy
semi                       Tighten e-mail address match to avoid incorrect
                           key being used for encryption
smstools                   Drop non-policy-compliant "reload" option from
                           the init script; use "force-reload" for
                           logrotate
systemd                    Revert immediate SIGKILLing of units during
                           shutdown, leading to cleanup failures;
                           write_net_rules: escape '{' and '}'
tasksel                    Make task-xfce-desktop recommend evince-gtk |
                           evince instead of just evince-gtk, making the
                           GNOME and Xfce desktop tasks co-installable
tecnoballz                 Fix multiple gameplay issues - minimum distance
                           of bouncers to walls in boss levels, gigablitz
                           gauge not working, right click could exit game
tlsdate                    Switch from www.ptb.de to www.google.com as the
                           former is now sending randomized gmt values
torbrowser-launcher        Handle paths which changed in the torbrowser
                           4.5 release; remove no longer working "accept
                           links" folder; stop acting as default browser
translate-shell            Restore functionality by switching to new
                           Google Translate API
tzdata                     New upstream release
ulogd2                     Correct JSON output of integer types on
                           big-endian systems
unattended-upgrades        Fix default configuration to match
                           jessie-security
usemod-wiki                Adjust startform/endform to
                           start_form/end_form for compatibility with
                           libcgi-pm-perl
virtualbox                 Fix crash in raw mode; fix kernel paging issue,
                           enabling operation on Broadwell CPUs
win32-loader               Replace the Joy screenshot by a recent Lines
                           screenshot; replace http.debian.net with
                           httpredir.debian.org

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/stable.html>

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".