-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 44-1 http://www.debian.org/
debian-release@??? Adam D. Barratt
February 5th, 2014
-------------------------------------------------------------------------

Upcoming Debian GNU/Linux 7 Update (7.4)

An update to Debian GNU/Linux 7 is scheduled for Saturday, February 8th,
2014. As of now it will include the following bug fixes. They can be
found in "wheezy-proposed-updates", which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@??? on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                            Reason

apache2                            Fix mod_rewrite log escaping
                                   (CVE-2013-1862), mod_dav denial of service
                                   (CVE-2013-1896) and segfaults in certain
                                   error conditions
base-files                         Update for the point release
ctdb                               Fix service stop and restart failing when
                                   trying to remove a public IP address not
                                   assigned locally
debian-handbook                    Update for wheezy
debian-installer                   Rebuild for the point release
eglibc                             Several security fixes; fix SIGFPE when
                                   locale-archive has been corrupted to all
                                   zeros; kfreebsd: always put supplied extra
                                   gid as the first entry of group list in
                                   setgroups(); fix sys_ktimer_settime
gatling                            Restore compatibility with PolarSSL
                                   security update
gnash                              Fix playing YouTube movies using the
                                   ffmpeg media handler
kexec-tools                        Handle x.y kernel versions
kfreebsd-8                         Several security fixes
kfreebsd-9                         Disable VIA hardware RNG by default; fix
                                   lseek ENXIO error condition with ZFS
lazr.restfulclient                 Fix some concurrency issues
libapache2-mod-rpaf                Restore accidentally dropped IPv6 patch
libglib-object-introspection-perl  Fix incorrect memory allocation that
                                   causes segfaults in reverse-dependencies
libhtml-formhandler-perl           Fix FTBFS
libmicrohttpd                      Various security issues
libnet-mac-vendor-perl             Fix FTBFS due to failing t/fetch_oui.t
                                   test
libotr                             Disable insecure OTRv1 protocol
linux                              Various security fixes; update to stable
                                   3.2.54; update drm, agp to 3.4.76; fix
                                   CVE-2013-4579, CVE-2013-6368,
                                   CVE-2014-1446
localepurge                        Fix CVE-2014-1638, unsafe tempfile
                                   creation
lxc                                Use latest upstream provided lxc-debian;
                                   add rsync to Recommends
mapserver                          Fix CVE-2013-7262, an SQL injection
                                   vulnerability in the
                                   msPostGISLayerSetTimeFilter function
nut                                Reset USB timeout to standard 5 seconds
openssl                            Enable assembler for the arm targets;
                                   enable ec_nistp_64_gcc_128 on *-amd64
pdns                               Fix lengths of the records.content and
                                   supermasters.ip columns
ruby-gsl                           Remove non-free documentation
ruby-opengl                        Remove example with unclear license
rush                               Fix CVE-2013-6889, file access escalation
samhain                            Disable dnmalloc for all architectures
                                   except those known to work; fix mail
                                   sending from default configuration
spip                               Fix XSS on signature from author
                                   [CVE-2013-7303]
tuxguitar                          Update list of supported xulrunner
                                   versions
tzdata                             New upstream release
vips                               Fix crash on TIFF with JPEG compression
wget                               Add support for SNI
whois                              New upstream release; update various TLDs
xfce4-weather-plugin               Fix abort when <hi> element is empty

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package                            Reason

iceape                             Security support removed

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@???.