Updated Debian 7: 7.6 released
July 12th, 2014
The Debian project is pleased to announce the sixth update of its
stable distribution Debian 7 (codename wheezy).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is
no need to throw away old wheezy CDs or DVDs but only to update
via an up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
apache2 | Support ECC keys and ECDH ciphers; mod_proxy: fix crashes under load; mod_dav: fix potential DoS [CVE-2013-6438]; mod_log_config: fix cookie logging |
apt-cacher-ng | Fix cross-site scripting via 403 responses [CVE-2014-4510] |
automake1.9-nonfree | Add empty prerm to ensure a clean upgrade path in case of install-info removal |
base-files | Update for the point release |
catfish | Fix regression from previous security update |
clamav | New upstream release; fix a crash while using clamscan |
cmus | Fix build failure related to the libmodplug upgrade in DSA 2751 |
cups | Fix XSS in the CUPS web interface; fix syntax errors in Hungarian templates |
cyrus-imapd-2.4 | Fix missing GUID for binary appends; fix broken nntpd |
dbus | Fix denial of service [CVE-2014-3477] |
duo-unix | Update upstream HTTPS certificates; improve support for SHA2 in HTTPS |
eglibc | Fix issues which could break dynamic linker on biarch systems; fix regression in IPv6 name resolution; fix February month name in de_AT locale; fix backtrace() on mips; fix nl_langinfo() when used in static binaries |
elib | Rebuild with current debhelper |
firebug | Take over xul-ext-firecookie, as firebug now provides all its functionality; remove copyrighted ICC profile |
hdf5 | Rebuild against current wheezy gfortran |
intel-microcode | Updated microcode; new upstream release |
ldns | Fix default permissions on private DNSKEYs generated by ldns-keygen [CVE-2014-3209] |
libdatetime-timezone-perl | New upstream release |
libdbi-perl | Remove dependency on to-be-removed libplrpc-perl |
libflickr-api-perl | Update URLs in line with upstream changes |
libjpeg6b | Fix memory disclosure vulnerabilities [CVE-2013-6629 CVE-2013-6630] |
libjpeg8 | Fix memory disclosure vulnerabilities [CVE-2013-6629 CVE-2013-6630] |
libopenobex | Fix segfault when transferring files |
maitreya | Replace font to avoid copyright issues |
mobile-broadband-provider-info | Update included data |
nostalgy | Add support for newer icedove versions |
openchange | Remove packages which depend on previously removed samba4 packages |
openssh | Restore patch to disable OpenSSL version check |
openssl | Don't prefer ECDHE_ECDSA with some Safari versions; actually restart the services when restart-without-asking is set |
policyd-weight | Fix infinite loop if resolver only reachable via IPv6 |
proftpd-mod-geoip | Remove useless and buggy proftpd-mod-geoip.postrm script |
py3dns | Fix timeouts associated with only one of several available nameservers being unavailable; correctly deal with source port already in use errors |
pydap | Add dap to namespace_packages in setup.py |
quassel | Fix certificate permissions |
scheme48 | Fix insecure use of temporary file [CVE-2014-4150] |
sieve-extension | Add support for newer icedove versions |
sks | Fix cross-site scripting [CVE-2014-3207]; improve Berkeley DB upgrade handling |
squid3 | Fix sporadic assertion failure under high load |
suds | Fix insecure creation of cache paths |
tor | New upstream release |
tzdata | New upstream release |
unbound | Fix crash when using DNSSEC and num-threads > 1 |
win32-loader | Update embedded dependencies |
wireless-regdb | Update data |
xmms2 | Fix build failure related to the libmodplug upgrade in DSA 2751 |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
whatsnewfm | Obsolete as freecode.com no longer accepting submissions |
libplrpc-perl | Security issues |
firecookie | Obsolete; superseded by firebug |
freecode-submit | Obsolete as freecode.com no longer accepting submissions |
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.