[SUA 100-1] Upcoming Debian 7 Update (7.11)

Debian Stable Updates Announcement SUA 100-1
Adam D. Barratt
May 30th, 2016

Upcoming Debian 7 Update (7.11)

The final update to Debian 7 is scheduled for Saturday, June 4th, 2016.
As of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org before
the end-of-life for wheezy are not listed, but will be included if
possible. Some of the updates below are also already available through

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@lists.debian.org on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

    Package                       Reason

    base-files                    Update for the point release
    dpkg                          Remove trailing space before handling blank line dot-separator in
                                  Dpkg::Control::HashCore - regression introduced in dpkg 1.16.16; only use
                                  the SHELL environment variable for interactive shells; move tar option
                                  --no-recursion before -T in dpkg-deb; initialize Config-Version also for
                                  packages previously in triggers-pending state; fix memory leak in dpkg
                                  infodb format upgrade logic; fix physical file offset comparison in dpkg
    groovy                        Fix remote execution of untrusted code and possible DoS vulnerability
    gtk+3.0                       Fix integer overflow when allocating a large block of memory in
                                  gdk_cairo_set_source_pixbuf [CVE-2013-7447]
    highlight                     Avoid segfault with undefined syntax
    icecast2                      Security fix [CVE-2014-9018]
    libcrypto++                   Fix Rijndael timing attack countermeasure [CVE-2016-3995]
    libdatetime-timezone-perl     Update to tzdata 2016d
    openldap                      Disable the back-mdb test suite on powerpc to work around back-mdb tests
                                  failing on buildds running the jessie ppc64 kernel, which uses 64KB pages
    optipng                       Fix use-after-free vulnerability [CVE-2015-7801]
    postgresql-9.1                New upstream release
    tzdata                        New upstream version
    xapian-core                   Fix possible database corruption, especially with recoll
    zendframework                 Fix regression from ZF2015-08: binary data corruption; fix ZF2016-01:
                                  Potential Insufficient Entropy Vulnerability in ZF1

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org

