-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 93-1 https://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
March 28th, 2016
-------------------------------------------------------------------------
Upcoming Debian 7 Update (7.10)
An update to Debian 7 is scheduled for Saturday, April 2nd, 2016. As of
now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.
Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".
Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.
The point release will also include a rebuild of debian-installer.
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
Package Reason
amd64-microcode Update AMD microcode patch firmware for AMD Family 15h Processors to fix bugs in prior microcode patch
aptdaemon Security fix [CVE-2015-1323]
base-files Update for the point release
c-icap Fix FTBFS with "newer" OpenSSL versions; rebuild against libclamav7
c-icap-modules Rebuild against libclamav7
calendarserver Fix POODLE; update zoneinfo to tzdata 2015g
clamav Avoid unaligned memory access; new upstream release
commons-httpclient Ensure HTTPS calls use http.socket.timeout during SSL Handshake [CVE-2015-5262]
dansguardian Rebuild against libclamav7
dbconfig-common Fix permission of PostgreSQL backup files
exfat-utils Fix buffer overflow and infinite loop
exim4 Fix defect in 89_02_Store-the-initial-working-directory.diff patch from the previous security upload
firebug Update for compatibility with newer Iceweasel versions
fuse-exfat Fix buffer overflow and infinite loop
giflib Bail out if Width > SWidth [CVE-2015-7555]
gummi Avoid predictable naming of temporary files [CVE 2015-7758]
iptables-persistent Stop rules files being world-readable
libclamunrar Rebuild for libclamav7
libdatetime-timezone-perl Update included data to tzdata 2016c
libhtml-scrubber-perl Fix cross-site scripting vulnerability in comments [CVE-2015-5667]
libiptables-parse-perl Fix use of predictable names for temporary files [CVE-2015-8326]
librsvg Fix out-of-bounds heap read when parsing SVG file [CVE-2015-7557]
libssh Fix "Double free on dangling pointers in initial key exchange packet" [CVE-2014-8132]; fix "null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets" [CVE-2015-3146]
linux Update to new upstream stable release 3.2.78; rt: update to 3.2.77-rt111; splice: sendfile() at once fails for big files; drm, agp: update to 3.4.110; ppp, slip: Validate VJ compression slot parameters completely [CVE-2015-7799]; KVM: svm: unconditionally intercept #DB [CVE-2015-8104];
live-tools Depend on initramfs-tools
maven2 Rebuild with libmaven2-core-java 2.2.1-8+deb7u1 to use a secure connection by default to download artifacts from the Maven Central repository
maven2-core Use a secure connection by default to download artifacts from the Maven Central repository
nvidia-graphics-drivers New upstream release [CVE-2015-5950]; new upstream legacy 304xx branch release 304.131 (2015-11-16); fix Unsanitized User Mode Input issue [CVE-2015-7869]
nvidia-graphics-modules Rebuild against nvidia-kernel-source 304.128; rebuild with nvidia-kernel-source 304.131
pykerberos Add KDC authenticity verification support [CVE-2015-3206]
python-clamav Rebuild against libclamav7
sendmail Properly set the close-on-exec flag for file descriptors before executing mailers [CVE-2014-3956]; fix an incorrect assertion in libmilter; add support for OpenSSL options SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2; fix A-only MX CNAME interface binding issues when using IPv6; raise MAXDAEMONS from 10 to 64; start sendmail after bind9 (or any other named) if it is installed; fix infinite loop in update_db
stk Install missing SKINI.{msg,tbl} include files
tzdata New upstream release
zendframework Fix entropy issue with captcha [ZF2015-09]
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<https://release.debian.org/proposed-updates/oldstable.html>
Removed packages
----------------
The following packages will be removed due to circumstances beyond our
control:
Package Reason
gnome-gmail Broken
libnsbmp Security issues, unmaintained
libnsgif Security issues, unmaintained
tlslite Unmaintained, outdated
vimperator Incompatible with newer iceweasel versions
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".
Attachment:
signature.asc
Description: This is a digitally signed message part