------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 8: 8.2 released                          press@debian.org
September 5th, 2015            https://www.debian.org/News/2015/20150905
------------------------------------------------------------------------

The Debian project is pleased to announce the second update of its
stable distribution Debian 8 (codename "jessie"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were
published separately and are referenced where applicable.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+---------------------------+-----------------------------------------+
| Package | Reason |
+---------------------------+-----------------------------------------+
| akonadi [1] | Fix a bug that caused old files to be |
| | kept when they should be removed |
| | |
| apache2 [2] | Fix conffile logic for wheezy to jessie |
| | upgrades; fix -D[efined] or <Define>[d] |
| | variables lifetime across restarts; |
| | mpm_event: Fix process deadlock when |
| | shutting down a worker; mpm_event: Fix |
| | crashes due to various race conditions |
| | |
| apt [3] | Parse specific-arch dependencies |
| | correctly on single-arch systems; |
| | remove "first package seen is native |
| | package" assumption; fix endless loop |
| | in apt-get update that can cause all |
| | disk space to be used |
| | |
| bareos [4] | Fix backup corruption on multi-volume |
| | jobs; add autopkgtests |
| | |
| base-files [5] | Update for the point release |
| | |
| binutils-mingw-w64 [6] | Apply upstream fix to handle Visual |
| | Studio DLLs |
| | |
| bird [7] | Correctly migrate bird6.conf from bird6 |
| | package |
| | |
| cron [8] | Cron.service: Use KillMode=process to |
| | kill only the daemon, not running jobs |
| | |
| cross-gcc [9] | Require bash in rules.template makefile |
| | |
| dbus [10] | Fix a memory leak when |
| | GetConnectionCredentials is called; |
| | stop dbus-monitor replying to |
| | org.freedesktop.DBus.Peer messages, |
| | including those that another process |
| | should have replied to |
| | |
| debian-installer [11] | Add image for Seagate DockStar; add |
| | symlinks for OpenRD variants; append |
| | DTB for LaCie NAS devices that require |
| | it |
| | |
| debian-installer- | Set the menu icon text in the source |
| launcher [12] | package to read "Install Debian |
| | jessie" |
| | |
| debian-installer-netboot- | Rebuild against new debian-installer |
| images [13] | |
| | |
| designate [14] | Fix mDNS DoS through incorrect handling |
| | of large RecordSets [CVE-2015-5695] |
| | |
| dovecot [15] | Fix SSL/TLS handshake failures leading |
| | to a crash of the login process with |
| | newer versions of OpenSSL [CVE-2015- |
| | 3420]; fix mbox corruption issue |
| | |
| ejabberd [16] | Fix logging of nicknames in muc logs |
| | and parsing of "ldap_dn_filter" |
| | option; postinst: restart on upgrade; |
| | logrotate: don't signal a non-running |
| | daemon |
| | |
| flash-kernel [17] | Combine i.MX53 QSB and LOCO board |
| | entries, they are the same thing and |
| | the LOCO variant was missing DTB |
| | information, possibly causing issues |
| | during wheezy to jessie upgrades |
| | |
| fusiondirectory [18] | Access javascript libraries via a path |
| | relative to FusionDirectory's base path |
| | |
| glibc [19] | Fix pthread_mutex_trylock with lock |
| | elision; fix gprof entry point on |
| | ppc64el; fix a buffer overflow in |
| | getanswer_r [CVE-2015-1781] |
| | |
| glusterfs [20] | Stop creating UNIX domain sockets as |
| | FIFOs on NFS |
| | |
| gnome-terminal [21] | Open new tabs in working directory, |
| | rather than home directory |
| | |
| gnutls28 [22] | Fix a crash in VIA PadLock asm; fix |
| | GNUTLS-SA-2015-2, which allowed MD5 |
| | signatures (which are disabled by |
| | default) in the ServerKeyExchange |
| | message |
| | |
| gosa [23] | Fix idGenerator for patterns like |
| | {%sn[3-6}-{%givenName[3-6]}; enable |
| | CSV / LDIF import on (non-Debian-Edu) |
| | clean installations by default |
| | |
| groovy2 [24] | Fix remote execution of untrusted code |
| | and possible DoS vulnerability |
| | [CVE-2015-3253] |
| | |
| grub-installer [25] | Correctly propagate grub-installer/ |
| | force-efi-extra-removable to installed |
| | system |
| | |
| gtk+3.0 [26] | Fix several crashes |
| | |
| haproxy [27] | Fix a segfault when parsing a |
| | configuration file containing disabled |
| | proxy sections |
| | |
| how-can-i-help [28] | Use HTTPS to connect to UDD |
| | |
| kic [29] | configure: Do not add -L without |
| | argument to $LIBS |
| | |
| lame [30] | Enable functions with SSE instructions |
| | to maintain their own properly aligned |
| | stack. Fixes crashes when called from |
| | the ocaml bindings |
| | |
| libdatetime-timezone- | New upstream release |
| perl [31] | |
| | |
| libgee-0.8 [32] | Fix default value of --enable- |
| | consistency-check, otherwise a very |
| | expensive debug option is turned on by |
| | default and would make a lot of |
| | applications unusably slow |
| | |
| libio-socket-ssl- | Make PublicSuffix::_default_data thread |
| perl [33] | safe |
| | |
| libisocodes [34] | Fix GLib critical warning if the |
| | environment variable LANGUAGE is not |
| | set |
| | |
| libvirt [35] | Teach virt-aa-helper to use |
| | TEMPLATE.qemu if the domain is kvm or |
| | kqemu; fix crash on live migration; |
| | allow access to libnl-3 configuration; |
| | report original error when QMP probing |
| | fails with new QEMU |
| | |
| linux-ftpd-ssl [36] | Fix "NLST of empty directory results |
| | in segfault" |
| | |
| lynx-cur [37] | Use gnutls_set_default_priority() |
| | instead of a custom priority string, so |
| | fixing GNUTLS-SA-2015-2 in GnuTLS does |
| | not break SSL support in lynx |
| | |
| mesa [38] | Disable asynchronous DMA on radeonsi |
| | which can cause lockups |
| | |
| motif [39] | Disable fix for upstream bug #1565 |
| | which caused segfaults in ddd and xpdf |
| | |
| mozilla-gnome- | Restore compatibility with newer |
| keyring [40] | Iceweasel versions |
| | |
| nbd [41] | Fix authfile parsing |
| | |
| nss [42] | Fix certificate chain generation to |
| | prefer stronger/newer certificates over |
| | weaker/older certs |
| | |
| ocl-icd [43] | Fix "clSVMFree never called in OpenCL |
| | ICD" |
| | |
| pdf.js [44] | Drop xul-ext-pdf.js package since it's |
| | not compatible with iceweasel 38 |
| | |
| postgresql-9.1 [45] | New upstream release |
| | |
| postgresql-9.4 [46] | New upstream release |
| | |
| prosody [47] | Fix CNAME resolution |
| | |
| python-apt [48] | Work around a cyclic reference from |
| | Cache to its methods; LFS fixes; fix |
| | splitting of multi-lines Binary fields |
| | in dsc files; arch-qualify in |
| | compare_to_version_in_cache(); fix |
| | apt.Package.installed_files for multi- |
| | arch packages |
| | |
| python- | Fix S3token incorrect condition |
| keystoneclient [49] | expression for ssl_insecure [CVE-2015- |
| | 1852] |
| | |
| python- | Fix S3Token TLS cert verification |
| keystonemiddleware [50] | option not honored [CVE-2015-1852] |
| | |
| python-reportlab [51] | Correctly handle PNGs containing |
| | transparency |
| | |
| python-swiftclient [52] | Add missing dependency on python-pkg- |
| | resources |
| | |
| r-cran-rcurl [53] | Build-Depend on libcurl4-openssl-dev, |
| | fixing issues with PEM certificate |
| | bundles |
| | |
| rawtherapee [54] | Fix dcraw input sanitization errors |
| | [CVE-2015-3885] |
| | |
| requestpolicy [55] | Restore compatibility with newer |
| | Iceweasel versions |
| | |
| rsyslog [56] | Disable transactions in ompgsql as they |
| | were not working properly |
| | |
| ruby2.1 [57] | Fix Request hijacking vulnerability in |
| | Rubygems [CVE-2015-3900] |
| | |
| syslinux [58] | Fix booting on some Chromebooks |
| | |
| systemd [59] | Disable default DNS servers in systemd- |
| | resolve; use strictly versioned |
| | dependency on libsystemd-dev for the |
| | transitional dev packages; udev: |
| | Increase udev event timeout to 180s |
| | |
| tabmixplus [60] | Restore compatibility with newer |
| | Iceweasel versions |
| | |
| tcpdump [61] | Fix -Z confirmation log being sent to |
| | stdout, where it can get mixed with |
| | pcap stream data if '-w -' is used |
| | |
| torrus [62] | Revert broken patch refresh, thereby |
| | fixing rrdup_notify |
| | |
| tzdata [63] | New upstream release |
| | |
| ufraw [64] | Fix buffer overflow in ljpeg_start |
| | [CVE-2015-3885] |
| | |
| unattended-upgrades [65] | Make optional automatic-reboot work |
| | again; really fix adding of jessie- |
| | security |
| | |
| wesnoth-1.10 [66] | Disallow inclusion of .pbl files from |
| | WML [CVE-2015-5069, CVE-2015-5070] |
| | |
| xemacs21 [67] | Conflict against old transitional |
| | packages to make absolutely sure that |
| | they are removed before we try to |
| | upgrade; remove dependency from support |
| | to binary package since the binary |
| | package already has the equivalent |
| | dependency |
| | |
| xserver-xorg-video- | Don't pretend to support rotation |
| modesetting [68] | |
| | |
+---------------------------+-----------------------------------------+

1: https://packages.debian.org/src:akonadi
2: https://packages.debian.org/src:apache2
3: https://packages.debian.org/src:apt
4: https://packages.debian.org/src:bareos
5: https://packages.debian.org/src:base-files
6: https://packages.debian.org/src:binutils-mingw-w64
7: https://packages.debian.org/src:bird
8: https://packages.debian.org/src:cron
9: https://packages.debian.org/src:cross-gcc
10: https://packages.debian.org/src:dbus
11: https://packages.debian.org/src:debian-installer
12: https://packages.debian.org/src:debian-installer-launcher
13: https://packages.debian.org/src:debian-installer-netboot-images
14: https://packages.debian.org/src:designate
15: https://packages.debian.org/src:dovecot
16: https://packages.debian.org/src:ejabberd
17: https://packages.debian.org/src:flash-kernel
18: https://packages.debian.org/src:fusiondirectory
19: https://packages.debian.org/src:glibc
20: https://packages.debian.org/src:glusterfs
21: https://packages.debian.org/src:gnome-terminal
22: https://packages.debian.org/src:gnutls28
23: https://packages.debian.org/src:gosa
24: https://packages.debian.org/src:groovy2
25: https://packages.debian.org/src:grub-installer
26: https://packages.debian.org/src:gtk+3.0
27: https://packages.debian.org/src:haproxy
28: https://packages.debian.org/src:how-can-i-help
29: https://packages.debian.org/src:kic
30: https://packages.debian.org/src:lame
31: https://packages.debian.org/src:libdatetime-timezone-perl
32: https://packages.debian.org/src:libgee-0.8
33: https://packages.debian.org/src:libio-socket-ssl-perl
34: https://packages.debian.org/src:libisocodes
35: https://packages.debian.org/src:libvirt
36: https://packages.debian.org/src:linux-ftpd-ssl
37: https://packages.debian.org/src:lynx-cur
38: https://packages.debian.org/src:mesa
39: https://packages.debian.org/src:motif
40: https://packages.debian.org/src:mozilla-gnome-keyring
41: https://packages.debian.org/src:nbd
42: https://packages.debian.org/src:nss
43: https://packages.debian.org/src:ocl-icd
44: https://packages.debian.org/src:pdf.js
45: https://packages.debian.org/src:postgresql-9.1
46: https://packages.debian.org/src:postgresql-9.4
47: https://packages.debian.org/src:prosody
48: https://packages.debian.org/src:python-apt
49: https://packages.debian.org/src:python-keystoneclient
50: https://packages.debian.org/src:python-keystonemiddleware
51: https://packages.debian.org/src:python-reportlab
52: https://packages.debian.org/src:python-swiftclient
53: https://packages.debian.org/src:r-cran-rcurl
54: https://packages.debian.org/src:rawtherapee
55: https://packages.debian.org/src:requestpolicy
56: https://packages.debian.org/src:rsyslog
57: https://packages.debian.org/src:ruby2.1
58: https://packages.debian.org/src:syslinux
59: https://packages.debian.org/src:systemd
60: https://packages.debian.org/src:tabmixplus
61: https://packages.debian.org/src:tcpdump
62: https://packages.debian.org/src:torrus
63: https://packages.debian.org/src:tzdata
64: https://packages.debian.org/src:ufraw
65: https://packages.debian.org/src:unattended-upgrades
66: https://packages.debian.org/src:wesnoth-1.10
67: https://packages.debian.org/src:xemacs21
68: https://packages.debian.org/src:xserver-xorg-video-modesetting

Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-3260 [69] | iceweasel [70] |
| | |
| DSA-3276 [71] | symfony [72] |
| | |
| DSA-3277 [73] | wireshark [74] |
| | |
| DSA-3278 [75] | libapache-mod-jk [76] |
| | |
| DSA-3279 [77] | redis [78] |
| | |
| DSA-3282 [79] | strongswan [80] |
| | |
| DSA-3283 [81] | cups [82] |
| | |
| DSA-3284 [83] | qemu [84] |
| | |
| DSA-3286 [85] | xen [86] |
| | |
| DSA-3287 [87] | openssl [88] |
| | |
| DSA-3288 [89] | libav [90] |
| | |
| DSA-3289 [91] | p7zip [92] |
| | |
| DSA-3291 [93] | drupal7 [94] |
| | |
| DSA-3292 [95] | cinder [96] |
| | |
| DSA-3293 [97] | pyjwt [98] |
| | |
| DSA-3294 [99] | wireshark [100] |
| | |
| DSA-3295 [101] | cacti [102] |
| | |
| DSA-3296 [103] | libcrypto++ [104] |
| | |
| DSA-3297 [105] | unattended-upgrades [106] |
| | |
| DSA-3298 [107] | jackrabbit [108] |
| | |
| DSA-3299 [109] | stunnel4 [110] |
| | |
| DSA-3300 [111] | iceweasel [112] |
| | |
| DSA-3301 [113] | haproxy [114] |
| | |
| DSA-3302 [115] | libwmf [116] |
| | |
| DSA-3303 [117] | cups-filters [118] |
| | |
| DSA-3304 [119] | bind9 [120] |
| | |
| DSA-3305 [121] | python-django [122] |
| | |
| DSA-3306 [123] | pdns [124] |
| | |
| DSA-3307 [125] | pdns-recursor [126] |
| | |
| DSA-3308 [127] | mysql-5.5 [128] |
| | |
| DSA-3309 [129] | tidy [130] |
| | |
| DSA-3310 [131] | freexl [132] |
| | |
| DSA-3312 [133] | cacti [134] |
| | |
| DSA-3313 [135] | linux [136] |
| | |
| DSA-3315 [137] | chromium-browser [138] |
| | |
| DSA-3317 [139] | lxc [140] |
| | |
| DSA-3318 [141] | expat [142] |
| | |
| DSA-3319 [143] | bind9 [144] |
| | |
| DSA-3320 [145] | openafs [146] |
| | |
| DSA-3321 [147] | opensaml2 [148] |
| | |
| DSA-3321 [149] | xmltooling [150] |
| | |
| DSA-3322 [151] | ruby-rack [152] |
| | |
| DSA-3323 [153] | icu [154] |
| | |
| DSA-3325 [155] | apache2 [156] |
| | |
| DSA-3326 [157] | ghostscript [158] |
| | |
| DSA-3328 [159] | wordpress [160] |
| | |
| DSA-3329 [161] | linux [162] |
| | |
| DSA-3330 [163] | activemq [164] |
| | |
| DSA-3331 [165] | subversion [166] |
| | |
| DSA-3332 [167] | wordpress [168] |
| | |
| DSA-3333 [169] | iceweasel [170] |
| | |
| DSA-3334 [171] | gnutls28 [172] |
| | |
| DSA-3335 [173] | request-tracker4 [174] |
| | |
| DSA-3336 [175] | nss [176] |
| | |
| DSA-3337 [177] | gdk-pixbuf [178] |
| | |
| DSA-3338 [179] | python-django [180] |
| | |
| DSA-3340 [181] | zendframework [182] |
| | |
| DSA-3341 [183] | conntrack [184] |
| | |
| DSA-3342 [185] | vlc [186] |
| | |
| DSA-3343 [187] | twig [188] |
| | |
| DSA-3345 [189] | iceweasel [190] |
| | |
+----------------+---------------------------+

69: https://www.debian.org/security/2015/dsa-3260
70: https://packages.debian.org/src:iceweasel
71: https://www.debian.org/security/2015/dsa-3276
72: https://packages.debian.org/src:symfony
73: https://www.debian.org/security/2015/dsa-3277
74: https://packages.debian.org/src:wireshark
75: https://www.debian.org/security/2015/dsa-3278
76: https://packages.debian.org/src:libapache-mod-jk
77: https://www.debian.org/security/2015/dsa-3279
78: https://packages.debian.org/src:redis
79: https://www.debian.org/security/2015/dsa-3282
80: https://packages.debian.org/src:strongswan
81: https://www.debian.org/security/2015/dsa-3283
82: https://packages.debian.org/src:cups
83: https://www.debian.org/security/2015/dsa-3284
84: https://packages.debian.org/src:qemu
85: https://www.debian.org/security/2015/dsa-3286
86: https://packages.debian.org/src:xen
87: https://www.debian.org/security/2015/dsa-3287
88: https://packages.debian.org/src:openssl
89: https://www.debian.org/security/2015/dsa-3288
90: https://packages.debian.org/src:libav
91: https://www.debian.org/security/2015/dsa-3289
92: https://packages.debian.org/src:p7zip
93: https://www.debian.org/security/2015/dsa-3291
94: https://packages.debian.org/src:drupal7
95: https://www.debian.org/security/2015/dsa-3292
96: https://packages.debian.org/src:cinder
97: https://www.debian.org/security/2015/dsa-3293
98: https://packages.debian.org/src:pyjwt
99: https://www.debian.org/security/2015/dsa-3294
100: https://packages.debian.org/src:wireshark
101: https://www.debian.org/security/2015/dsa-3295
102: https://packages.debian.org/src:cacti
103: https://www.debian.org/security/2015/dsa-3296
104: https://packages.debian.org/src:libcrypto++
105: https://www.debian.org/security/2015/dsa-3297
106: https://packages.debian.org/src:unattended-upgrades

[continued in next message]