Updated Debian 7: 7.7 released

October 18th, 2014

The Debian project is pleased to announce the seventh update of its stable distribution Debian 7 (codename wheezy). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away old wheezy CDs or DVDs; after an installation, simply update via an up-to-date Debian mirror so that any out-of-date packages are upgraded.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
at Only retain variables whose name consists of alphanumerics and underscores, preventing jobs from failing in case bash exports functions to the environment with the changes from DSA-3035
axis Fix MITM attack on SSL caused by incomplete fix for CVE-2012-5784 [CVE-2014-3596]
base-files Update for the point release
blender Fix illegal hardware instruction
ca-certificates Update Mozilla certificate bundle; fix certdata2pem.py for multiple CAs using the same CKA_LABEL
debian-archive-keyring Add jessie stable release key
debian-installer Rebuild for the point release
debian-installer-netboot-images Update to 20130613+deb7u2+b3 images
debsums Suppress reporting conffiles which were moved to a new package as modified in the old package
dwm Fix broken patch headers
eglibc Fix invalid file descriptor reuse while sending DNS query; fix stack overflow issues [CVE-2013-4357]; fix a localplt regression introduced in version 2.13-38+deb7u3 [CVE-2014-0475]; fix a memory leak with dlopen() and thread-local storage variables; re-include all documentation, accidentally broken in earlier uploads
exim4 Stop unwanted double expansion of arguments to mathematical comparison operations [CVE-2014-2972]
flashplugin-nonfree Fix downgrade vulnerability, update dependencies
foremost Fix invalid patch header
getfem++ Fix broken patch headers
gnubg Fix crash on end game when gnubg is run with the -t option
hawtjni Fix /tmp race condition with arbitrary code execution [CVE-2013-2035]
ipython Fix remote execution via cross origin websocket [CVE-2014-3429]
iso-scan Do not error out when searching in folders with shell-special characters in their name
keyutils Use the default compression level for xz for binary packages
kvpm Fix invalid patch header
libdatetime-timezone-perl New upstream release
libplack-perl Avoid unintended file access due to incorrect stripping of trailing slashes from provided paths [CVE-2014-5269]
libsnmp-session-perl Fix perl warnings with libsocket6-perl installed
linux Update to upstream stable 3.2.63; update drm and agp to 3.4.103; udf: avoid infinite loop when processing indirect ICBs [CVE-2014-6410]; libceph: do not hard code max auth ticket len [CVE-2014-6416 CVE-2014-6417 CVE-2014-6418]; add pata_rdc to pata-modules udeb and virtio_scsi to virtio-modules udeb; sp5100_tco: reject SB8x0 chips
live-config Disable SSH login at boot
nana Rebuild with debhelper from wheezy to get rid of install-info calls in maintainer scripts; add dummy empty prerm script to allow upgrading the package after install-info is no longer available
net-snmp Fix snmpd error when snmpd.conf contains more than 50 Executables/scripts entries; security fixes [CVE-2014-2285 CVE-2014-3565 CVE-2012-6151]
netcfg Fix support for entering an ESSID manually
oss-compat Use softdep directives in the modprobe configuration; remove oss-compat.conf when removing the package
perl Don't recurse infinitely in Data::Dumper [CVE-2014-4330]
php-getid3 Improve fix for XXE security issue [CVE-2014-2053]
postgresql-8.4 New upstream release
postgresql-9.1 New upstream release
proftpd-dfsg Fix overlapping buffer leading to SFTP crashes and stalls
qlandkartegt Update user agent string
scotch Rebuild on amd64 to correct openmpi dependency
supervisor Fix restart and formatting problems with the init script
tor Use correct byte order when sending the address of the chosen rendezvous point to a hidden service; update IP address for the gabelmoo v3 directory authority
tzdata New upstream release
unattended-upgrades Add oldstable to the list of accepted origins for security packages
virtinst Unbreak virtinst with newer python-libvirt
wireless-regdb New upstream release
witty Fix symlink to jPlayer skin Blue Monday
xdg-utils Use /bin/echo rather than echo -e in xdg-mail

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-2765 davfs2
DSA-2926 linux
DSA-2940 libstruts1.2-java
DSA-2949 linux
DSA-2972 linux
DSA-2973 vlc
DSA-2974 php5
DSA-2975 phpmyadmin
DSA-2976 eglibc
DSA-2977 libav
DSA-2978 libxml2
DSA-2979 fail2ban
DSA-2981 polarssl
DSA-2982 ruby-activerecord-3.2
DSA-2983 drupal7
DSA-2984 acpi-support
DSA-2985 mysql-5.5
DSA-2988 transmission
DSA-2989 apache2
DSA-2990 cups
DSA-2991 modsecurity-apache
DSA-2992 linux
DSA-2993 tor
DSA-2994 nss
DSA-2995 lzo2
DSA-2997 reportbug
DSA-2998 openssl
DSA-2999 drupal7
DSA-3000 krb5
DSA-3001 wordpress
DSA-3002 wireshark
DSA-3003 libav
DSA-3004 kde4libs
DSA-3005 gpgme1.0
DSA-3006 xen
DSA-3007 cacti
DSA-3008 php5
DSA-3009 python-imaging
DSA-3010 python-django
DSA-3011 mediawiki
DSA-3012 eglibc
DSA-3013 s3ql
DSA-3014 squid3
DSA-3015 lua5.1
DSA-3016 lua5.2
DSA-3017 php-cas
DSA-3019 procmail
DSA-3020 acpi-support
DSA-3021 file
DSA-3022 curl
DSA-3023 bind9
DSA-3024 gnupg
DSA-3025 apt
DSA-3026 dbus
DSA-3027 libav
DSA-3029 nginx
DSA-3030 mantis
DSA-3031 apt
DSA-3032 bash
DSA-3033 nss
DSA-3035 bash
DSA-3036 mediawiki
DSA-3038 libvirt
DSA-3039 chromium-browser
DSA-3040 rsyslog
DSA-3041 xen
DSA-3042 exuberant-ctags
DSA-3043 tryton-server
DSA-3044 qemu-kvm
DSA-3045 qemu
DSA-3046 mediawiki
DSA-3047 rsyslog
DSA-3048 apt

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
ctn Undistributable
ssdeep Undistributable
dicomnifti Depends on to-be-removed ctn
ctsim Depends on to-be-removed ctn

URLs

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.