-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 86-1 https://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
August 31st, 2015
-------------------------------------------------------------------------

Upcoming Debian 8 Update (8.2)

An update to Debian 8 is scheduled for Saturday, September 5th, 2015. As
of now it will include the following bug fixes. They can be found in
"jessie-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "jessie-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bug Fixes
-----------------------
This stable update adds a few important corrections to the following
packages:
Package Reason
akonadi Fix a bug that caused old files to be kept when they should be removed
apache2 Fix conffile logic for wheezy to jessie upgrades; fix -D[efined] or <Define>[d] variables lifetime across restarts; mpm_event: Fix process deadlock when shutting down a worker; mpm_event: Fix crashes due to various race conditions
apt Parse specific-arch dependencies correctly on single-arch systems; remove "first package seen is native package" assumption; fix endless loop in apt-get update that can cause disk fillup
bareos Fix backup corruption on multi-volume jobs; add autopkgtests
base-files Update for the point release
binutils-mingw-w64 Apply upstream fix to handle Visual Studio DLLs
bird Correctly migrate bird6.conf from bird6 package
cron cron.service: Use KillMode=process to kill only the daemon, not running jobs
cross-gcc Require bash in rules.template makefile
dbus Fix a memory leak when GetConnectionCredentials is called; stop dbus-monitor replying to org.freedesktop.DBus.Peer messages, including those that another process should have replied to
debian-installer-launcher Set the menu icon text in the source package to read "Install Debian jessie"
designate Fix mDNS DoS through incorrect handling of large RecordSets [CVE-2015-5695]
dovecot Fix SSL/TLS handshake failures leading to a crash of the login process with newer versions of OpenSSL [CVE-2015-3420]; fix mbox corruption issue
ejabberd Fix logging of nicknames in muc logs and parsing of "ldap_dn_filter" option; postinst: restart on upgrade; logrotate: don't signal a non-running daemon
flash-kernel Combine i.MX53 QSB and LOCO board entries, they are the same thing and the LOCO variant was missing DTB information, possibly causing issues during wheezy to jessie upgrades
fusiondirectory Access javascript libraries via a path relative to FusionDirectory's base path
glibc Fix pthread_mutex_trylock with lock elision; fix gprof entry point on ppc64el; fix a buffer overflow in getanswer_r [CVE-2015-1781]
glusterfs Stop creating UNIX domain sockets as FIFOs on NFS
gnome-terminal Open new tabs in working directory, rather than home directory
gnutls28 Fix a crash in VIA PadLock asm; fix GNUTLS-SA-2015-2, which allowed MD5 signatures (which are disabled by default) in the ServerKeyExchange message
gosa Fix idGenerator for patterns like {%sn[3-6}-{%givenName[3-6]}; enable CSV / LDIF import on (non-Debian-Edu) clean installations by default
groovy2 Fix remote execution of untrusted code and possible DoS vulnerability [CVE-2015-3253]
grub-installer Correctly propagate grub-installer/force-efi-extra-removable to installed system
gtk+3.0 Fix several crashes
haproxy Fix a segfault when parsing a configuration file containing disabled proxy sections
how-can-i-help Use HTTPS to connect to UDD
kic configure: Do not add -L without argument to $LIBS
lame Enable functions with SSE instructions to maintain their own properly aligned stack. Fixes crashes when called from the ocaml bindings
libdatetime-timezone-perl New upstream release
libgee-0.8 Fix default value of --enable-consistency-check, otherwise a very expensive debug option is turned on by default and would make a lot of applications unusably slow
libio-socket-ssl-perl Make PublicSuffix::_default_data thread safe
libisocodes Fix GLib critical warning if the environment variable LANGUAGE is not set
libvirt Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu; fix crash on live migration; allow access to libnl-3 configuration; report original error when QMP probing fails with new QEMU
linux-ftpd-ssl Fix "NLST of empty directory results in segfault"
lynx-cur Use gnutls_set_default_priority() instead of a custom priority string, so fixing GNUTLS-SA-2015-2 in GnuTLS does not break SSL support in lynx
mesa Disable asynchronous DMA on radeonsi which can cause lockups
motif Disable fix for upstream bug #1565 which caused segfaults in ddd and xpdf
mozilla-gnome-keyring Restore compatibility with newer Iceweasel versions
nbd Fix authfile parsing
nss Fix certificate chain generation to prefer stronger/newer certificates over weaker/older certs
ocl-icd Fix "clSVMFree never called in OpenCL ICD"
pdf.js Drop xul-ext-pdf.js package since it's not compatible with Iceweasel 38
postgresql-9.1 New upstream release
postgresql-9.4 New upstream release
prosody Fix CNAME resolution
python-apt Work around a cyclic reference from Cache to its methods; LFS fixes; fix splitting of multi-lines Binary fields in dsc files; arch-qualify in compare_to_version_in_cache(); fix apt.Package.installed_files for multi-arch packages
python-keystoneclient Fix S3token incorrect condition expression for ssl_insecure [CVE-2015-1852]
python-keystonemiddleware Fix S3Token TLS cert verification option not honored [CVE-2015-1852]
python-reportlab Correctly handle PNGs containing transparency
python-swiftclient Add missing dependency on python-pkg-resources
r-cran-rcurl Build-Depend on libcurl4-openssl-dev, fixing issues with PEM certificate bundles
rawtherapee Fix dcraw input sanitization errors [CVE-2015-3885]
requestpolicy Restore compatibility with newer Iceweasel versions
rsyslog Disable transactions in ompgsql as they were not working properly
ruby2.1 Fix request hijacking vulnerability in Rubygems [CVE-2015-3900]
syslinux Fix booting on some Chromebooks
systemd Disable default DNS servers in systemd-resolve; use strictly versioned dependency on libsystemd-dev for the transitional dev packages; udev: Increase udev event timeout to 180s
tabmixplus Restore compatibility with newer Iceweasel versions
tcpdump Fix -Z confirmation log being sent to stdout, where it can get mixed with pcap stream data if '-w -' is used
torrus Revert broken patch refresh, thereby fixing rrdup_notify
tzdata New upstream release
ufraw Fix buffer overflow in ljpeg_start [CVE-2015-3885]
unattended-upgrades Make optional automatic-reboot work again; really fix adding of jessie-security
wesnoth-1.10 Disallow inclusion of .pbl files from WML [CVE-2015-5069, CVE-2015-5070]
xemacs21 Conflict against old transitional packages to make absolutely sure that they are removed before we try to upgrade; remove dependency from support to binary package since the binary package already has the equivalent dependency
xserver-xorg-video-modesetting Don't pretend to support rotation

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<https://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------
The following packages will be removed due to circumstances beyond our
control:
Package Reason
criu Fast-moving target, too difficult to keep updated
dactyl Incompatible with newer Iceweasel versions
fullscreen-extension Incompatible with newer Iceweasel versions
netty3.1 Dependency for non-present jetty
php-zend-xml Security issues; useless in Debian
rubyfilter Broken (empty) package

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".