FYI
-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 62-1       https://www.debian.org/
debian-release@???                                        Adam D. Barratt
October 13th, 2014
-------------------------------------------------------------------------

Upcoming Debian 7 Update (7.7)

An update to Debian 7 is scheduled for Saturday, October 18th, 2014. As
of now it will include the following bug fixes. They can be found in
"wheezy-proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying "debian-release@???" on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                     Reason

at                          Only retain variables whose name consists of
                            alphanumerics and underscores, preventing
                            jobs from failing in case bash exports
                            functions to the environment with the
                            changes from DSA-3035
axis                        Fix MITM attack on SSL caused by incomplete
                            fix for CVE-2012-5784 [CVE-2014-3596]
base-files                  Update for the point release
blender                     Fix illegal hardware instruction
ca-certificates             Update Mozilla certificate bundle; fix
                            certdata2pem.py for multiple CAs using the
                            same CKA_LABEL
debian-archive-keyring      Add jessie stable release key
debian-installer            Rebuild for the point release
debsums                     Suppress reporting conffiles which were
                            moved to a new package as modified in the
                            old package
dwm                         Fix broken patch headers
eglibc                      Fix invalid file descriptor reuse while
                            sending DNS query; fix stack overflow issues
                            [CVE-2013-4357]; fix a localplt regression
                            introduced in version 2.13-38+deb7u3
                            [CVE-2014-0475]; fix a memory leak with
                            dlopen() and thread-local storage variables;
                            re-include all documentation, accidentally
                            broken in earlier uploads
exim4                       Stop unwanted double expansion of arguments
                            to mathematical comparison operations
                            [CVE-2014-2972]
flashplugin-nonfree         Fix downgrade vulnerability, update
                            dependencies
foremost                    Fix invalid patch header
getfem++                    Fix broken patch headers
gnubg                       Fix crash on "end game" when gnubg is run
                            with the -t option
hawtjni                     Fix /tmp race condition with arbitrary code
                            execution [CVE-2013-2035]
ipython                     Fix remote execution via cross origin
                            websocket [CVE-2014-3429]
iso-scan                    Do not error out when searching in folders
                            with shell-special characters in their name
keyutils                    Use the default compression level for xz for
                            binary packages
kvpm                        Fix invalid patch header
libdatetime-timezone-perl   New upstream release
libplack-perl               Avoid unintended file access due to
                            incorrect stripping of trailing slashes from
                            provided paths [CVE-2014-5269]
libsnmp-session-perl        Fix perl warnings with libsocket6-perl
                            installed
linux                       Update to upstream stable 3.2.63; update drm
                            and agp to 3.4.103; udf: avoid infinite loop
                            when processing indirect ICBs
                            [CVE-2014-6410]; libceph: do not hard code
                            max auth ticket len [CVE-2014-6416
                            CVE-2014-6417 CVE-2014-6418]; add pata_rdc
                            to pata-modules udeb and virtio_scsi to
                            virtio-modules udeb; sp5100_tco: reject
                            SB8x0 chips
live-config                 Disable SSH login at boot
nana                        Rebuild with debhelper from wheezy to get
                            rid of install-info calls in maintainer
                            scripts; add dummy empty prerm script to
                            allow upgrading the package after is not
                            available
net-snmp                    Fix "snmpd: produces error if the
                            Executables/scripts entries in snmpd.conf is
                            over 50"; security fixes [CVE-2014-2285
                            CVE-2014-3565 CVE-2012-6151]
netcfg                      Fix support for entering an ESSID manually
oss-compat                  Use softdep directives in the modprobe
                            configuration; remove oss-compat.conf when
                            removing the package
perl                        Don't recurse infinitely in Data::Dumper
                            [CVE-2014-4330]
php-getid3                  Improve fix for XXE security issue
                            [CVE-2014-2053]
postgresql-8.4              New upstream release
postgresql-9.1              New upstream release
proftpd-dfsg                Fix overlapping buffer leading to SFTP
                            crashes and stalls
qlandkartegt                Update user agent string
scotch                      Rebuild on amd64 to correct openmpi
                            dependency
supervisor                  Fix restart and formatting problems with the
                            init script
tor                         Use correct byte order when sending the
                            address of the chosen rendezvous point to a
                            hidden service; update IP address for the
                            gabelmoo v3 directory authority
tzdata                      New upstream release
unattended-upgrades         Add "oldstable" to the list of accepted
                            origins for security packages
virtinst                    Unbreak virtinst with newer python-libvirt
wireless-regdb              New upstream release
witty                       Fix symlink to jPlayer skin Blue Monday
xdg-utils                   Use /bin/echo rather than echo -e in
                            xdg-mail

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<https://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package                     Reason

ssdeep                      Undistributable
dicomnifti                  Depends on to-be-removed ctn
ctn                         Undistributable
ctsim                       Depends on to-be-removed ctn