
[SUA 93-1] Upcoming Debian 7 Update (7.10)

Debian Stable Updates Announcement SUA 93-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
March 28th, 2016

Upcoming Debian 7 Update (7.10)

An update to Debian 7 is scheduled for Saturday, April 2nd, 2016. As of
now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

    Package                       Reason

    amd64-microcode               Update AMD microcode patch firmware for AMD Family 15h Processors to fix bugs in prior microcode patch
    aptdaemon                     Security fix [CVE-2015-1323]
    base-files                    Update for the point release
    c-icap                        Fix FTBFS with "newer" OpenSSL versions; rebuild against libclamav7
    c-icap-modules                Rebuild against libclamav7
    calendarserver                Fix POODLE; update zoneinfo to tzdata 2015g
    clamav                        Avoid unaligned memory access; new upstream release
    commons-httpclient            Ensure HTTPS calls use http.socket.timeout during SSL Handshake [CVE-2015-5262]
    dansguardian                  Rebuild against libclamav7
    dbconfig-common               Fix permission of PostgreSQL backup files
    exfat-utils                   Fix buffer overflow and infinite loop
    exim4                         Fix defect in 89_02_Store-the-initial-working-directory.diff patch from the previous security upload
    firebug                       Update for compatibility with newer Iceweasel versions
    fuse-exfat                    Fix buffer overflow and infinite loop
    giflib                        Bail out if Width > SWidth [CVE-2015-7555]
    gummi                         Avoid predictable naming of temporary files [CVE-2015-7758]
    iptables-persistent           Stop rules files being world-readable
    libclamunrar                  Rebuild for libclamav7
    libdatetime-timezone-perl     Update included data to tzdata 2016c
    libhtml-scrubber-perl         Fix cross-site scripting vulnerability in comments [CVE-2015-5667]
    libiptables-parse-perl        Fix use of predictable names for temporary files [CVE-2015-8326]
    librsvg                       Fix out-of-bounds heap read when parsing SVG file [CVE-2015-7557]
    libssh                        Fix "Double free on dangling pointers in initial key exchange packet" [CVE-2014-8132]; fix "null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets" [CVE-2015-3146]
    linux                         Update to new upstream stable release 3.2.78; rt: update to 3.2.77-rt111; splice: sendfile() at once fails for big files; drm, agp: update to 3.4.110; ppp, slip: Validate VJ compression slot parameters completely [CVE-2015-7799]; KVM: svm: unconditionally intercept #DB [CVE-2015-8104]
    live-tools                    Depend on initramfs-tools
    maven2                        Rebuild with libmaven2-core-java 2.2.1-8+deb7u1 to use a secure connection by default to download artifacts from the Maven Central repository
    maven2-core                   Use a secure connection by default to download artifacts from the Maven Central repository
    nvidia-graphics-drivers       New upstream release [CVE-2015-5950]; new upstream legacy 304xx branch release 304.131 (2015-11-16); fix Unsanitized User Mode Input issue [CVE-2015-7869]
    nvidia-graphics-modules       Rebuild against nvidia-kernel-source 304.128; rebuild with nvidia-kernel-source 304.131
    pykerberos                    Add KDC authenticity verification support [CVE-2015-3206]
    python-clamav                 Rebuild against libclamav7
    sendmail                      Properly set the close-on-exec flag for file descriptors before executing mailers [CVE-2014-3956]; fix an incorrect assertion in libmilter; add support for OpenSSL options SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2; fix A-only MX CNAME interface binding issues when using IPv6; raise MAXDAEMONS from 10 to 64; start sendmail after bind9 (or any other named) if it is installed; fix infinite loop in update_db
    stk                           Install missing SKINI.{msg,tbl} include files
    tzdata                        New upstream release
    zendframework                 Fix entropy issue with captcha [ZF2015-09]

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package             Reason

    gnome-gmail         Broken
    libnsbmp            Security issues, unmaintained
    libnsgif            Security issues, unmaintained
    tlslite             Unmaintained, outdated
    vimperator          Incompatible with newer iceweasel versions

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
