------------------------------------------------------------------------- Debian Stable Updates Announcement SUA 100-1 https://www.debian.org/ debian-release@lists.debian.org Adam D. Barratt May 30th, 2016 ------------------------------------------------------------------------- Upcoming Debian 7 Update (7.11) The final update to Debian 7 is scheduled for Saturday, June 4th, 2016. As of now it will include the following bug fixes. They can be found in "wheezy-proposed-updates", which is carried by all official mirrors. Please note that packages published through security.debian.org before the end-of-life for wheezy are not listed, but will be included if possible. Some of the updates below are also already available through "wheezy-updates". Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying debian-release@lists.debian.org on your mails. The point release will also include a rebuild of debian-installer. Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: Package Reason base-files Update for the point release dpkg Remove trailing space before handling blank line dot-separator in Dpkg::Control::HashCore - regression introduced in dpkg 1.16.16; only use the SHELL environment variable for interactive shells; move tar option --no-recursion before -T in dpkg-deb; initialize Config-Version also for packages previously in triggers-pending state; fix memory leak in dpkg infodb format upgrade logic; fix physical file offset comparison in dpkg groovy Fix remote execution of untrusted code and possible DoS vulnerability [CVE-2015-3253] gtk+3.0 Fix integer overflow when allocating a large block of memory in gdk_cairo_set_source_pixbuf [CVE-2013-7447] highlight Avoid segfault with undefined syntax icecast2 Security fix [CVE-2014-9018] libcrypto++ Fix Rijndael timing attack counter measure [CVE-2016-3995] libdatetime-timezone-perl Update to tzdata 2016d openldap Disable the back-mdb test suite on powerpc to work around back-mdb tests failing on buildds running the jessie ppc64 kernel, which uses 64KB pages optipng Fix use-after-free vulnerability [CVE-2015-7801] postgresql-9.1 New upstream release tzdata New upstream version xapian-core Fix possible database corruption, especially with recoll zendframework Fix regression from ZF2015-08: binary data corruption; fix ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1 A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: <https://release.debian.org/proposed-updates/oldstable.html> If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part