-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 100-1 https://www.debian.org/
debian-release@lists.debian.org Adam D. Barratt
May 30th, 2016
-------------------------------------------------------------------------
Upcoming Debian 7 Update (7.11)
The final update to Debian 7 is scheduled for Saturday, June 4th, 2016.
As of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.
Please note that packages published through security.debian.org before
the end-of-life for wheezy are not listed, but will be included if
possible. Some of the updates below are also already available through
"wheezy-updates".
Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@lists.debian.org on your mails.
The point release will also include a rebuild of debian-installer.
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following
packages:
Package Reason
base-files Update for the point release
dpkg Remove trailing space before handling blank line dot-separator in
Dpkg::Control::HashCore - regression introduced in dpkg 1.16.16; only use
the SHELL environment variable for interactive shells; move tar option
--no-recursion before -T in dpkg-deb; initialize Config-Version also for
packages previously in triggers-pending state; fix memory leak in dpkg
infodb format upgrade logic; fix physical file offset comparison in dpkg
groovy Fix remote execution of untrusted code and possible DoS vulnerability
[CVE-2015-3253]
gtk+3.0 Fix integer overflow when allocating a large block of memory in
gdk_cairo_set_source_pixbuf [CVE-2013-7447]
highlight Avoid segfault with undefined syntax
icecast2 Security fix [CVE-2014-9018]
libcrypto++ Fix Rijndael timing attack counter measure [CVE-2016-3995]
libdatetime-timezone-perl Update to tzdata 2016d
openldap Disable the back-mdb test suite on powerpc to work around back-mdb tests
failing on buildds running the jessie ppc64 kernel, which uses 64KB pages
optipng Fix use-after-free vulnerability [CVE-2015-7801]
postgresql-9.1 New upstream release
tzdata New upstream version
xapian-core Fix possible database corruption, especially with recoll
zendframework Fix regression from ZF2015-08: binary data corruption; fix ZF2016-01:
Potential Insufficient Entropy Vulnerability in ZF1
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<https://release.debian.org/proposed-updates/oldstable.html>
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part