Updated Debian 7: 7.2 released
October 12th, 2013
The Debian project is pleased to announce the second update of its
stable distribution Debian 7 (codename wheezy).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is
no need to throw away older wheezy CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
adblock-plus | Declare compatibility with more recent Iceweasel versions |
apr | Don't override CFLAGS and LDFLAGS during build. This fixes the debug information being useless |
atlas | Add Breaks: octave3.2 to try and improve some squeeze to wheezy upgrade paths |
base-files | Update version for point release |
coherence | Fix incompatibilities with newer Twisted releases |
cookie-monster | Declare compatibility with newer iceweasel versions |
cups | Dnssd backend: don't crash if avahi gives a callback with no TXT record |
curl | Fix reporting of CURLINFO_CONDITION_UNMET |
debian-edu | Update from debian-edu-wheezy; remove chmsee Recommends |
debian-edu-artwork | Update from debian-edu-wheezy |
debian-edu-doc | Update from debian-edu-wheezy |
debian-edu-install | Update from debian-edu-wheezy |
devscripts | Fix build-rdeps to work with Wheezy being stable |
dkimpy | Fix Gmail signature verification failures due to improper FWS regular expression |
dpkg | Fix performance issue by correctly caching variables in Dpkg::Arch; fix chmod() arguments order in Dpkg::Source::Quilt; only ignore older packages if the existing version is informative; fix use after free; fix usage of non-existent _() function in multiple places of the Perl code; add Italian man-page translation |
emboss-explorer | Fix application menu when used with EMBOSS 6.4 |
fai | Fix path to dpkg-divert; fix nfsroot package list; lib/task_sysinfo: make sure device is a valid block device before accessing it; documentation updates |
firecookie | Declare compatibility with newer iceweasel versions |
firetray | Restore compatibility with newer iceweasel versions |
flash-kernel | Machine database is case-sensitive so ensure that all instances of Required-Packages are capitalized correctly |
foxyproxy | Declare compatibility with more recent Mozilla software |
freetds | Make libiodbc Breaks versioned now that it can load multiarch drivers |
fwknop | Fixed failure to send SPA packets due to uninitialised variable |
gajim | Improve SSL/TLS handling; fix certificate validation |
ghostscript | Fix endless loops related to unbalanced q/Q operators |
glusterfs | Fix use of ext4 backend with linux >= 3.2.46-1+deb7u1 |
gnome-settings-daemon | Stop installing security updates without confirmation |
gnome-shell | Improve GC deadlock handling; make the disable-restart-buttons option of gdm-shell work |
gosa | Fix LDAP mass import |
grub2 | Fix booting FreeBSD >= 9.1 amd64 kernels |
gxine | Switch to libmozjs185-dev as the package fails to build with newer versions of libmozjs-dev |
ibus | Fix ibus-setup breakage by setting all related packages to use --libexec=/usr/lib/ibus |
ibus-anthy | Fix libexecdir; add python-glade2 to Depends |
ibus-hangul | Fix libexecdir |
ibus-m17n | Fix libexecdir |
ibus-pinyin | Fix libexecdir |
ibus-skk | Fix libexecdir |
ibus-sunpinyin | Fix libexecdir |
ibus-xkbc | Fix libexecdir |
iceweasel | Fix builds on several architectures |
ifmetric | Fix "NETLINK: Packet too small or truncated!" error |
intel-microcode | Update microcode |
iso-scan | Fix full search entry when no ISOs are found |
kfreebsd-downloader | Switch to people.debian.org URL for kernel.txz download; the old location no longer works |
krb5-auth-dialog | Fix krb5_principal_compare crashes on NULL arguments |
lftp | Fix splits input script file after byte 4096 |
libdatetime-timezone-perl | New upstream release |
libdigest-sha-perl | Fix double-free when Digest::SHA object is destroyed |
libmodule-metadata-perl | Don't claim not to execute code |
libmodule-signature-perl | CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE |
libquvi-scripts | New upstream release |
libvirt | Fix libvirtd crash when destroying a domain with attached console and race condition when destroying guests; make sure qemu.conf isn't world readable by default |
linux | Update to 3.2.51 / drm/agp 3.4.6; disable SATA_INIC162X driver; improve efivars free space check |
lm-sensors | Skip probing for EDID or graphics cards, as it might cause hardware issues |
lvm2 | Fix udev rules to properly exclude special devices and always call udev sync |
mapserver | Fix strict Content-Type matching; correctly enable AGG support |
mdbtools | Version libiodbc Breaks now that it can load multiarch drivers; fix SEGV in blob data handling; fix double free SEGV in gmdb2 dissector |
meta-gnome3 | Demote xul-ext-adblock-plus to Suggests |
moin | Avoid creation of empty pagedir |
multipath-tools | Fix upstream copy of kpartx rules; call PREREQS before calling scripts/functions; don't plain exit if root is on multipath device |
mutt | Stop segfaulting when listing folders with new mails over imap; don't send saved messages to trash |
myodbc | Version libiodbc Breaks now that it can load multiarch drivers |
netcfg | Fix check for whether network-manager is installed |
nmap | Sanitise filenames to fix CVE-2013-4885 (remote arbitrary file creation vulnerability) |
openvpn | Fix regression with multihome option |
openvrml | Disable JavaScript support as newer versions of Mozilla's JS engine are not supported by openvrml |
openvswitch | Reset upper layer protocol info on internal devices |
perl | Fix Digest::SHA double-free crash; fix issue with shared references disappearing on sub return; apply correctness patches from 5.14.4 |
perspectives-extension | Fix calculation of quorum length with low number of notaries and/or low quorum percentage |
php5 | Fix several issues relating to traits; don't reset mod_user_is_open in destroy to avoid an annoying warning when using sessions |
postgresql-common | Handle wheezy point release versions |
pyopencl | Remove non-free file from examples |
python-defaults | Add symlink for /usr/bin/python2, used by various non-distro scripts |
python-dns | Fix timeouts associated with only one of several available nameservers being unavailable |
python-httplib2 | Fix CVE-2013-2037; close connection on certificate mismatch to avoid reuse |
python-keystoneclient | Fix CVE-2013-2013: OpenStack keystone password disclosure on command line |
redmine | Fix ruby 1.9.1 support |
rt-tests | Fix hackbench on armhf |
rygel | Prevent autostart of rygel by default; the default configuration file exposes files to the LAN |
sage-extension | Fix compatibility with iceweasel 17; ensure that links in the main window are clickable |
samba | Fix CVE-2013-4124: Denial of service - CPU loop and memory allocation |
shotwell | Fix crash at startup |
shutdown-at-night | Stop client wake-up cron job complaining about unpingable machines |
sitesummary | Fix robustness and kernel version parsing in nagios plugin |
slbackup-php | Fix non-HTTPS logins; don't assume a backuphost exists in DNS; search for configuration file in a package-specific folder |
smbldap-tools | Use correct name for net(8); fix qw() warning |
stellarium | Prevent segfault when OpenGL is not present |
subversion | Fix Python bindings when built against swig 2.0.5+ |
sysvinit | Correct the Breaks on bootchart to ensure that all broken versions are removed on upgrade |
telepathy-gabble | Work around Facebook server behaviour change with service discovery; initialize libdbus for thread-safety; fix potential FTBFS in highly-parallel builds |
telepathy-idle | Validate TLS certificates |
tntnet | Fix insecure default tntnet.conf |
torrus | Fix SNMPv1 maxrepetitions issues |
trac | New upstream stable release |
ttytter | Update to work with the Twitter 1.1 API |
tzdata | New upstream release |
user-mode-linux | Rebuild against linux 3.2.51-1 |
uwsgi | Fix loading of nagios plugin |
virtinst | Don't specify absolute paths to xen tools; virt-clone: properly set image type |
wv2 | Repack to remove src/generator/generator_wword{6,8}.htm, which should have been removed in earlier uploads |
xinetd | Fix CVE-2013-4342 making TCPMUX services change the uid |
xmonad-contrib | Fix CVE-2013-1436 |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-2698 | tiff | Buffer overflow |
DSA-2699 | iceweasel | Multiple issues |
DSA-2700 | wireshark | Multiple issues |
DSA-2701 | krb5 | Denial of service |
DSA-2704 | mesa | Out of bounds access |
DSA-2705 | pymongo | Denial of service |
DSA-2706 | chromium-browser | Multiple issues |
DSA-2707 | dbus | Denial of service |
DSA-2708 | fail2ban | Denial of service |
DSA-2709 | wireshark | Multiple issues |
DSA-2710 | xml-security-c | Multiple issues |
DSA-2712 | otrs2 | Privilege escalation |
DSA-2713 | curl | Heap overflow |
DSA-2714 | kfreebsd-9 | Programming error |
DSA-2715 | puppet | Code execution |
DSA-2716 | iceweasel | Multiple issues |
DSA-2717 | xml-security-c | Heap overflow |
DSA-2718 | wordpress | Multiple issues |
DSA-2721 | nginx | Nginx security update |
DSA-2723 | php5 | Heap corruption |
DSA-2724 | chromium-browser | Multiple issues |
DSA-2725 | tomcat6 | Multiple issues |
DSA-2726 | php-radius | Buffer overflow |
DSA-2728 | bind9 | Denial of service |
DSA-2729 | openafs | Multiple issues |
DSA-2730 | gnupg | Information leak |
DSA-2731 | libgcrypt11 | Information leak |
DSA-2732 | chromium-browser | Multiple issues |
DSA-2733 | otrs2 | SQL injection |
DSA-2734 | wireshark | Multiple issues |
DSA-2735 | iceweasel | Multiple issues |
DSA-2736 | putty | Multiple issues |
DSA-2737 | swift | Multiple issues |
DSA-2739 | cacti | Multiple issues |
DSA-2740 | python-django | Regression |
DSA-2741 | chromium-browser | Multiple issues |
DSA-2742 | php5 | Interpretation conflict |
DSA-2743 | kfreebsd-9 | Multiple issues |
DSA-2744 | tiff | Multiple issues |
DSA-2745 | linux | Multiple issues |
DSA-2745 | user-mode-linux | Multiple issues |
DSA-2747 | cacti | Multiple issues |
DSA-2748 | exactimage | Denial of service |
DSA-2750 | imagemagick | Buffer overflow |
DSA-2751 | libmodplug | Multiple issues |
DSA-2752 | phpbb3 | Too wide permissions |
DSA-2753 | mediawiki | Cross-site request forgery token disclosure |
DSA-2754 | exactimage | Denial of service |
DSA-2755 | python-django | Directory traversal |
DSA-2756 | wireshark | Multiple issues |
DSA-2758 | python-django | Denial of service |
DSA-2759 | iceweasel | Multiple issues |
DSA-2760 | chrony | Multiple issues |
DSA-2761 | puppet | Multiple issues |
DSA-2763 | pyopenssl | Hostname check bypassing |
DSA-2764 | libvirt | Programming error |
DSA-2765 | davfs2 | Privilege escalation |
DSA-2767 | proftpd-dfsg | Denial of service |
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
chmsee | Fails to build with Iceweasel 17 |
dactyl | Incompatible with Iceweasel 17 |
edbrowse | Incompatible with Iceweasel 17 |
jclicmoodle | Requires missing moodle |
pyxpcom | Incompatible with Iceweasel 17 |
turpial | Broken by Twitter changes |
Debian Installer
The installer has been updated to add support for QNAP TS-12x, TS-22x
and TS-42x devices, to correctly detect whether network interfaces
should be managed via NetworkManager and to include the fixes
incorporated into stable by the point release.
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.