[Freepto] Upcoming Debian 7 Update (7.6)

Delete this message

Reply to this message
Author: vinc3nt
Date:  
To: freepto
Subject: [Freepto] Upcoming Debian 7 Update (7.6)

Resent-Date: Mon, 7 Jul 2014 22:56:24 +0000 (UTC)
Resent-From: debian-stable-announce@???

-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 60-1        http://www.debian.org/
debian-release@???                           Adam D. Barratt
July 7th, 2014
-------------------------------------------------------------------------


Upcoming Debian 7 Update (7.6)

An update to Debian 7 is scheduled for Saturday, July 12th,
2014. As of now it will include the following bug fixes. They can be
found in "wheezy-proposed-updates", which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@???" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

    Package                         Reason


    apache2                         Support ECC keys and ECDH ciphers;
mod_proxy: fix crashes under load; mod_dav: fix potential DoS
[CVE-2013-6438]; mod_log_config: fix cookie logging
    apt-cacher-ng                   Fix cross-site scripting via 403
responses [CVE-2014-4510]
    automake1.9-nonfree             Add empty prerm to ensure a clean
upgrade path in case of install-info removal
    base-files                      Update for the point release
    catfish                         Fix regression from previous
security update
    clamav                          New upstream release; fix a crash
while using clamscan
    cmus                            Fix build failure related to the
libmodplug upgrade in DSA 2751
    cups                            Fix XSS in the CUPS web interface;
fix syntax errors in Hungarian templates
    cyrus-imapd-2.4                 Fix missing GUID for binary appends;
fix broken nntpd
    dbus                            Fix denial of service [CVE-2014-3477]
    duo-unix                        Update upstream HTTPS certificates;
improve support for SHA2 in HTTPS
    eglibc                          Fix issues which could break dynamic
linker on biarch systems; fix regression in IPv6 name resolution; fix
February month name in de_AT locale; fix backtrace() on mips; fix
nl_langinfo() when used in static binaries
    elib                            Rebuild with current debhelper
    firebug                         Take over xul-ext-firecookie, as
firebug now provides all its functionality; remove copyrighted ICC profile
    hdf5                            Rebuild against current wheezy gfortran
    intel-microcode                 Updated microcode
    ldns                            Fix default permissions on private
DNSKEYs generated by ldns-keygen [CVE-2014-3209]
    libdatetime-timezone-perl       New upstream release
    libdbi-perl                     Remove dependency on to-be-removed
libplrpc-perl
    libflickr-api-perl              Update URLs in line with upstream
changes
    libjpeg6b                       Fix memory disclosure
vulnerabilities [CVE-2013-6629 CVE-2013-6630]
    libjpeg8                        Fix memory disclosure
vulnerabilities [CVE-2013-6629 CVE-2013-6630]
    libopenobex                     Fix segfault when transferring files
    linux                           Update to stable 3.2.60, drm/agp
3.4.92, rt 3.2.60-rt87; security fixes [CVE-2014-3940 CVE-2014-3917
CVE-2014-4508 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654, CVE-2014-4655
CVE-2014-4656 CVE-2014-4027]
    maitreya                        Replace font to avoid copyright issues
    mobile-broadband-provider-info  Update included data
    nostalgy                        Add support for newer icedove versions
    openchange                      Remove packages which depend on
previously removed samba4 packages
    openssh                         Restore patch to disable OpenSSL
version check
    openssl                         Don't prefer ECDHE_ECDSA with some
Safari versions; actually restart the services when
restart-without-asking is set
    policyd-weight                  Fix infinite loop if resolver only
reachable via IPv6
    proftpd-mod-geoip               Remove useless and buggy
proftpd-mod-geoip.postrm script
    py3dns                          Fix timeouts associated with only
one of several available nameservers being unavailable; correctly deal
with source port already in use errors
    pydap                           Add "dap" to namespace_packages in
setup.py
    quassel                         Fix certificate permissions
    scheme48                        Fix insecure use of temporary file
[CVE-2014-4150]
    sieve-extension                 Add support for newer icedove versions
    sks                             Fix cross-site scripting
[CVE-2014-3207]; improve Berkeley DB upgrade handling
    squid3                          Fix sporadic assertion failure under
high load
    suds                            Fix unsecure creation of cache paths
    tor                             New upstream release
    tzdata                          New upstream release
    unbound                         Fix crash when using DNSSEC and
num-threads > 1
    wireless-regdb                  Update database
    xmms2                           Fix build failure related to the
libmodplug upgrade in DSA 2751


A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<http://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

    Package                    Reason


    whatsnewfm          Obsolete as freecode.com no longer accepting
submissions
    libplrpc-perl       Security issues
    firecookie          Obsolete; superseded by firebug
    freecode-submit     Obsolete as freecode.com no longer accepting
submissions



If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at "debian-release@???".