[Freepto] Upcoming Debian 7 Update (7.7)

Nachricht löschen

Nachricht beantworten
Autor: vinc3nt
Datum:  
To: freepto
Betreff: [Freepto] Upcoming Debian 7 Update (7.7)
FYI


-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 62-1       https://www.debian.org/
debian-release@???                           Adam D.
Barratt
October 13th, 2014
-------------------------------------------------------------------------


Upcoming Debian 7 Update (7.7)

An update to Debian 7 is scheduled for Saturday, October 18th, 2014. As
of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@???" on your mails.

The point release will also include a rebuild of debian-
installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

    Package                       Reason


    at                            Only retain variables whose name
consists of alphanumerics and underscores, preventing jobs from failing
in case bash exports functions to the environment with the changes from
DSA-3035
    axis                          Fix MITM attack on SSL caused by
incomplete fix for CVE-2012-5784 [CVE-2014-3596]
    base-files                    Update for the point release
    blender                       Fix illegal hardware instruction
    ca-certificates               Update Mozilla certificate bundle; fix
certdata2pem.py for multiple CAs using the same CKA_LABEL
    debian-archive-keyring        Add jessie stable release key
    debian-installer              Rebuild for the point release
    debsums                       Suppress reporting conffiles which
were moved to a new package as modified in the old package
    dwm                           Fix broken patch headers
    eglibc                        Fix invalid file descriptor reuse
while sending DNS query; fix stack overflow issues [CVE-2013-4357]; fix
a localplt regression introduced in version 2.13-38+deb7u3
[CVE-2014-0475]; fix a memory leak with dlopen() and thread-local
storage variables; re-include all documentation, accidentally broken in
earlier uploads
    exim4                         Stop unwanted double expansion of
arguments to mathematical comparison operations [CVE-2014-2972]
    flashplugin-nonfree           Fix downgrade vulnerability, update
dependencies
    foremost                      Fix invalid patch header
    getfem++                      Fix broken patch headers
    gnubg                         Fix crash on "end game" when gnubg is
run with the -t option
    hawtjni                       Fix /tmp race condition with arbitrary
code execution [CVE-2013-2035]
    ipython                       Fix remote execution via cross origin
websocket [CVE-2014-3429]
    iso-scan                      Do not error out when searching in
folders with shell-special characters in their name
    keyutils                      Use the default compression level for
xz for binary packages
    kvpm                          Fix invalid patch header
    libdatetime-timezone-perl     New upstream release
    libplack-perl                 Avoid unintended file access due to
incorrect stripping of trailing slashes from provided paths [CVE-2014-5269]
    libsnmp-session-perl          Fix perl warnings with libsocket6-perl
installed
    linux                         Update to upstream stable 3.2.63;
update drm and agp to 3.4.103; udf: avoid infinite loop when processing
indirect ICBs [CVE-2014-6410]; libceph: do not hard code max auth ticket
len [CVE-2014-6416 CVE-2014-6417 CVE-2014-6418]; add pata_rdc to
pata-modules udeb and virtio_scsi to virtio-modules udeb; sp5100_tco:
reject SB8x0 chips
    live-config                   Disable SSH login at boot
    nana                          Rebuild with debhelper from wheezy to
get rid of install-info calls in maintainer scripts; add dummy empty
prerm script to allow upgrading the package after is not available
    net-snmp                      Fix "snmpd: produces error if the
Executables/scripts entries in snmpd.conf is over 50"; security fixes
[CVE-2014-2285 CVE-2014-3565 CVE-2012-6151]
    netcfg                        Fix support for entering an ESSID manually
    oss-compat                    Use softdep directives in the modprobe
configuration; remove oss-compat.conf when removing the package
    perl                          Don't recurse infinitely in
Data::Dumper [CVE-2014-4330]
    php-getid3                    Improve fix for XXE security issue
[CVE-2014-2053]
    postgresql-8.4                New upstream release
    postgresql-9.1                New upstream release
    proftpd-dfsg                  Fix overlapping buffer leading to SFTP
crashes and stalls
    qlandkartegt                  Update user agent string
    scotch                        Rebuild on amd64 to correct openmpi
dependency
    supervisor                    Fix restart and formatting problems
with the init script
    tor                           Use correct byte order when sending
the address of the chosen rendezvous point to a hidden service; update
IP address for the gabelmoo v3 directory authority
    tzdata                        New upstream release
    unattended-upgrades           Add "oldstable" to the list of
accepted origins for security packages
    virtinst                      Unbreak virtinst with newer python-libvirt
    wireless-regdb                New upstream release
    witty                         Fix symlink to jPlayer skin Blue Monday
    xdg-utils                     Use /bin/echo rather than echo -e in
xdg-mail


A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<https://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

    Package                    Reason


    ssdeep              Undistributable
    dicomnifti          Depends on to-be-removed ctn
    ctn                 Undistributable
    ctsim               Depends on to-be-removed ctn