-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 93-1       https://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
March 28th, 2016
-------------------------------------------------------------------------

Upcoming Debian 7 Update (7.10)

An update to Debian 7 is scheduled for Saturday, April 2nd, 2016. As of
now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

Package                     Reason

amd64-microcode             Update AMD microcode patch firmware for AMD
                              Family 15h Processors to fix bugs in prior
                              microcode patch
aptdaemon                   Security fix [CVE-2015-1323]
base-files                  Update for the point release
c-icap                      Fix FTBFS with "newer" OpenSSL versions;
                              rebuild against libclamav7
c-icap-modules              Rebuild against libclamav7
calendarserver              Fix POODLE; update zoneinfo to tzdata 2015g
clamav                      Avoid unaligned memory access; new upstream
                              release
commons-httpclient          Ensure HTTPS calls use http.socket.timeout
                              during SSL Handshake [CVE-2015-5262]
dansguardian                Rebuild against libclamav7
dbconfig-common             Fix permission of PostgreSQL backup files
exfat-utils                 Fix buffer overflow and infinite loop
exim4                       Fix defect in
                              89_02_Store-the-initial-working-directory.diff
                              patch from the previous security upload
firebug                     Update for compatibility with newer
                              Iceweasel versions
fuse-exfat                  Fix buffer overflow and infinite loop
giflib                      Bail out if Width > SWidth [CVE-2015-7555]
gummi                       Avoid predictable naming of temporary files
                              [CVE-2015-7758]
iptables-persistent         Stop rules files being world-readable
libclamunrar                Rebuild for libclamav7
libdatetime-timezone-perl   Update included data to tzdata 2016c
libhtml-scrubber-perl       Fix cross-site scripting vulnerability in
                              comments [CVE-2015-5667]
libiptables-parse-perl      Fix use of predictable names for temporary
                              files [CVE-2015-8326]
librsvg                     Fix out-of-bounds heap read when parsing SVG
                              file [CVE-2015-7557]
libssh                      Fix "Double free on dangling pointers in
                              initial key exchange packet"
                              [CVE-2014-8132]; fix "null pointer
                              dereference due to a logical error in the
                              handling of a SSH_MSG_NEWKEYS and
                              KEXDH_REPLY packets" [CVE-2015-3146]
linux                       Update to new upstream stable release
                              3.2.78; rt: update to 3.2.77-rt111;
                              splice: sendfile() at once fails for big
                              files; drm, agp: update to 3.4.110; ppp,
                              slip: Validate VJ compression slot
                              parameters completely [CVE-2015-7799];
                              KVM: svm: unconditionally intercept #DB
                              [CVE-2015-8104];
live-tools                  Depend on initramfs-tools
maven2                      Rebuild with libmaven2-core-java
                              2.2.1-8+deb7u1 to use a secure connection
                              by default to download artifacts from the
                              Maven Central repository
maven2-core                 Use a secure connection by default to
                              download artifacts from the Maven Central
                              repository
nvidia-graphics-drivers     New upstream release [CVE-2015-5950]; new
                              upstream legacy 304xx branch release
                              304.131 (2015-11-16); fix Unsanitized User
                              Mode Input issue [CVE-2015-7869]
nvidia-graphics-modules     Rebuild against nvidia-kernel-source
                              304.128; rebuild with nvidia-kernel-source
                              304.131
pykerberos                  Add KDC authenticity verification support
                              [CVE-2015-3206]
python-clamav               Rebuild against libclamav7
sendmail                    Properly set the close-on-exec flag for file
                              descriptors before executing mailers
                              [CVE-2014-3956]; fix an incorrect
                              assertion in libmilter; add support for
                              OpenSSL options SSL_OP_NO_TLSv1_1 and
                              SSL_OP_NO_TLSv1_2; fix A-only MX CNAME
                              interface binding issues when using IPv6;
                              raise MAXDAEMONS from 10 to 64; start
                              sendmail after bind9 (or any other named)
                              if it is installed; fix infinite loop in
                              update_db
stk                         Install missing SKINI.{msg,tbl} include
                              files
tzdata                      New upstream release
zendframework               Fix entropy issue with captcha [ZF2015-09]

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <https://release.debian.org/proposed-updates/oldstable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package                     Reason

gnome-gmail                 Broken
libnsbmp                    Security issues, unmaintained
libnsgif                    Security issues, unmaintained
tlslite                     Unmaintained, outdated
vimperator                  Incompatible with newer iceweasel versions

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@lists.debian.org".