• Updated Debian 7: 7.9 released (1/2)

    From Neil McGovern@21:1/5 to All on Sat Sep 5 21:20:01 2015
    ------------------------------------------------------------------------
    The Debian Project                               https://www.debian.org/
    Updated Debian 7: 7.9 released                          press@debian.org
    September 5th, 2015          https://www.debian.org/News/2015/2015090502
    ------------------------------------------------------------------------


    The Debian project is pleased to announce the ninth update of its
    oldstable distribution Debian 7 (codename "wheezy"). This update mainly
    adds corrections for security problems to the oldstable release, along
    with a few adjustments for serious problems. Security advisories were
    published separately and are referenced where applicable.

    Please note that this update does not constitute a new version of Debian
    7 but only updates some of the packages included. There is no need to
    throw away old "wheezy" CDs or DVDs; after an installation, simply
    update via an up-to-date Debian mirror so that any out-of-date packages
    are upgraded.

    Those who frequently install updates from security.debian.org won't have
    to update many packages and most updates from security.debian.org are
    included in this update.

    New installation media and CD and DVD images containing updated packages
    will be available soon at the regular locations.

    Upgrading to this revision online is usually done by pointing the
    aptitude (or apt) package tool (see the sources.list(5) manual page) to
    one of Debian's many FTP or HTTP mirrors. A comprehensive list of
    mirrors is available at:

    https://www.debian.org/mirror/list



    Miscellaneous Bugfixes
    ----------------------

    This oldstable update adds a few important corrections to the following packages:

    +----------------------------+----------------------------------------+
    | Package | Reason |
    +----------------------------+----------------------------------------+
    | amd64-microcode [1] | Update included microcode |
    | | |
    | base-files [2] | Update for the point release |
    | | |
    | bley [3] | Remove dnsbl.ahbl.org from the default |
    | | configuration, as it's been shut down |
    | | |
    | clamav [4] | New upstream release; fix division by |
    | | zero and pointer arithmetic overflow |
    | | in the bundled libmspack |
    | | |
    | commons-httpclient [5] | Fix incomplete fix for CVE-2012-6153 |
    | | issue with CN checking [CVE-2014-3577] |
    | | |
    | conky [6] | Declare Breaks+Replaces relationship |
    | | against conky (<< 1.8.0-1) to fix |
    | | upgrade path from lenny to squeeze and |
    | | then wheezy |
    | | |
    | debian-installer [7] | Use the result of 'apt-config dump' to |
    | | determine where to find the system's |
    | | sources.list |
    | | |
    | debian-installer-netboot- | Rebuild against new debian-installer |
    | images [8] | |
    | | |
    | debian-security- | Add package to Wheezy |
    | support [9] | |
    | | |
    | debmirror [10] | Support "new" Contents file |
    | | location; support HTTPS; add -- |
    | | keyring, --include-field and -- |
    | | exclude-field options |
    | | |
    | debootstrap [11] | Add support for Stretch; resolve mount |
    | | point symlinks relative to the target |
    | | chroot before unmounting them |
    | | |
    | didjvu [12] | Fix insecure temp file use when |
    | | calling c44 |
    | | |
    | exactimage [13] | Fix integer overflow in the |
    | | ljpeg_start function in dcraw |
    | | [CVE-2015-3885] |
    | | |
    | frogr [14] | Use SSL endpoints for Flickr API; fix |
    | | crash in gcrypt |
    | | |
    | gamera [15] | Fix insecure temp file use [CVE-2014- |
    | | 1937] |
    | | |
    | gnome-shell [16] | Fix week number computation |
    | | |
    | hp2xx [17] | Fix crashes |
    | | |
    | httpcomponents-client [18] | Fix check that the server hostname |
    | | matches domain name in the subject's |
    | | CN field [CVE-2012-6153, CVE-2014- |
    | | 3577] |
    | | |
    | ikiwiki [19] | Fix XSS in openid selector; backport |
    | | blogspam plugin from experimental, |
    | | because the version in wheezy is no |
    | | longer usable |
    | | |
    | intel-microcode [20] | Update included microcode |
    | | |
    | ircd-hybrid [21] | Disable SSL3 to mitigate against the |
    | | POODLE attack |
    | | |
    | lame [22] | Check for invalid input sample rate |
    | | and number of channels, avoid |
    | | malformed wav causing floating point |
    | | exception, fix check for sample rate |
    | | ratio being an integer |
    | | |
    | lcms [23] | Repack to remove non-free test files |
    | | and colour profiles; fix DoS |
    | | [CVE-2013-4160] |
    | | |
    | libdatetime-timezone- | Update included data |
    | perl [24] | |
    | | |
    | libdbd-pg-perl [25] | Fix interoperability problem between |
    | | Wheezy clients and newer PostgreSQL |
    | | versions |
    | | |
    | libfcgi [26] | Avoid stack-smashing by using poll() |
    | | rather than select() |
    | | |
    | libraw [27] | Fix integer overflow in the |
    | | ljpeg_start function [CVE-2015-3885] |
    | | |
    | linux [28] | Update to stable release 3.2.68; drm, |
    | | agp: Update to 3.4.106; [rt] Update to |
    | | 3.2.68-rt99 |
    | | |
    | linux-ftpd-ssl [29] | Fix "NLST of empty directory results |
    | | in segfault" |
    | | |
    | maven [30] | Use HTTPS by default when downloading |
    | | artifacts from the Maven Central |
    | | repository |
    | | |
    | mdbtools [31] | Fix overflow in some memo fields and |
    | | output of binary data |
    | | |
    | mediatomb [32] | Disable user interface by default |
    | | |
    | mercurial [33] | Fix "errors in handling case- |
    | | sensitive directories allow for remote |
    | | code execution on pull" [CVE-2014- |
    | | 9390] |
    | | |
    | mozilla-noscript [34] | Fix enumeration of scripts on |
    | | Iceweasel >= 35 |
    | | |
    | netcf [35] | Fix ipcalc_netmask; prevent a memory |
    | | leak when listing interfaces |
    | | |
    | open-vm-tools [36] | Handle structure changes in newer |
    | | kernel releases (d_alias to |
    | | d_u.d_alias) |
    | | |
    | openafs [37] | Fix the kernel module build when |
    | | d_alias is in the d_u union; fix |
    | | potential file corruption of mmapped |
    | | files |
    | | |
    | opencv [38] | Update license information for the gpu |
    | | module |
    | | |
    | openvswitch [39] | Fix build of openvswitch-datapath-dkms |
    | | |
    | osc [40] | Fix shell injection [CVE-2015-0778] |
    | | |
    | partconf [41] | Exclude CD/DVD drives from partition |
    | | search |
    | | |
    | pdf2djvu [42] | Fix insecure temp file use when |
    | | calling c44 |
    | | |
    | pgbouncer [43] | Fix remote crash - invalid packet |
    | | order causes lookup of NULL pointer |
    | | [CVE-2015-4054] |
    | | |
    | phpbb3 [44] | Fix CSRF vulnerability [CVE-2015-1432] |
    | | and CSS injection [CVE-2015-1431]; fix |
    | | possible redirect vulnerability |
    | | [CVE-2015-3880] |
    | | |
    | policyd-weight [45] | Remove use of obsolete rhsbl.ahbl.org |
    | | RBL; update list of default RBLs in |
    | | the manpage to match reality |
    | | |
    | postgresql-9.1 [46] | New upstream release |
    | | |
    | rawtherapee [47] | Fix dcraw input sanitization errors |
    | | [CVE-2015-3885] |
    | | |
    | spamassassin [48] | Remove references to ahbl.org DNSBL, |
    | | which has ceased operation |
    | | |
    | ssl-cert [49] | Use SHA2 for newly generated |
    | | certificates; set umask to make sure |
    | | that the generated key is not world- |
    | | readable for a short timespan while |
    | | make-ssl-cert runs |
    | | |
    | sudo [50] | Recognize lenny and squeeze unmodified |
    | | sudoers to avoid dpkg questions about |
    | | modified conffiles on upgrades to |
    | | wheezy |
    | | |
    | tcllib [51] | Fix XSS vulnerability in the html |
    | | module for <textarea/> elements |
    | | |
    | tomcat7 [52] | Fix FTBFS error by making sure SSL |
    | | unit tests use TLS protocols; re- |
    | | generate expired test certificates |
    | | |
    | tzdata [53] | New upstream release |
    | | |
    | unrar-nonfree [54] | Fix a symlink directory traversal |
    | | vulnerability |
    | | |
    | unzip [55] | Fix "unzip thinks some files are |
    | | symlinks", buffer overflow and crash |
    | | in zipinfo |
    | | |
    | user-mode-linux [56] | Rebuild against current kernel |
    | | |
    | vigor [57] | Use libc's regex routines rather than |
    | | the bundled ones, to avoid needing to |
    | | apply security patches independently |
    | | |
    | vpim [58] | Build for ruby 1.9 (wheezy's default |
    | | version) |
    | | |
    | wesnoth-1.10 [59] | Security fix: Disallowed inclusion |
    | | of .pbl files from WML [CVE-2015-5069, |
    | | CVE-2015-5070] |
    | | |
    | wireless-regdb [60] | Update included data |
    | | |
    +----------------------------+----------------------------------------+

    1: https://packages.debian.org/src:amd64-microcode
    2: https://packages.debian.org/src:base-files
    3: https://packages.debian.org/src:bley
    4: https://packages.debian.org/src:clamav
    5: https://packages.debian.org/src:commons-httpclient
    6: https://packages.debian.org/src:conky
    7: https://packages.debian.org/src:debian-installer
    8: https://packages.debian.org/src:debian-installer-netboot-images
    9: https://packages.debian.org/src:debian-security-support
    10: https://packages.debian.org/src:debmirror
    11: https://packages.debian.org/src:debootstrap
    12: https://packages.debian.org/src:didjvu
    13: https://packages.debian.org/src:exactimage
    14: https://packages.debian.org/src:frogr
    15: https://packages.debian.org/src:gamera
    16: https://packages.debian.org/src:gnome-shell
    17: https://packages.debian.org/src:hp2xx
    18: https://packages.debian.org/src:httpcomponents-client
    19: https://packages.debian.org/src:ikiwiki
    20: https://packages.debian.org/src:intel-microcode
    21: https://packages.debian.org/src:ircd-hybrid
    22: https://packages.debian.org/src:lame
    23: https://packages.debian.org/src:lcms
    24: https://packages.debian.org/src:libdatetime-timezone-perl
    25: https://packages.debian.org/src:libdbd-pg-perl
    26: https://packages.debian.org/src:libfcgi
    27: https://packages.debian.org/src:libraw
    28: https://packages.debian.org/src:linux
    29: https://packages.debian.org/src:linux-ftpd-ssl
    30: https://packages.debian.org/src:maven
    31: https://packages.debian.org/src:mdbtools
    32: https://packages.debian.org/src:mediatomb
    33: https://packages.debian.org/src:mercurial
    34: https://packages.debian.org/src:mozilla-noscript
    35: https://packages.debian.org/src:netcf
    36: https://packages.debian.org/src:open-vm-tools
    37: https://packages.debian.org/src:openafs
    38: https://packages.debian.org/src:opencv
    39: https://packages.debian.org/src:openvswitch
    40: https://packages.debian.org/src:osc
    41: https://packages.debian.org/src:partconf
    42: https://packages.debian.org/src:pdf2djvu
    43: https://packages.debian.org/src:pgbouncer
    44: https://packages.debian.org/src:phpbb3
    45: https://packages.debian.org/src:policyd-weight
    46: https://packages.debian.org/src:postgresql-9.1
    47: https://packages.debian.org/src:rawtherapee
    48: https://packages.debian.org/src:spamassassin
    49: https://packages.debian.org/src:ssl-cert
    50: https://packages.debian.org/src:sudo
    51: https://packages.debian.org/src:tcllib
    52: https://packages.debian.org/src:tomcat7
    53: https://packages.debian.org/src:tzdata
    54: https://packages.debian.org/src:unrar-nonfree
    55: https://packages.debian.org/src:unzip
    56: https://packages.debian.org/src:user-mode-linux
    57: https://packages.debian.org/src:vigor
    58: https://packages.debian.org/src:vpim
    59: https://packages.debian.org/src:wesnoth-1.10
    60: https://packages.debian.org/src:wireless-regdb

    Security Updates
    ----------------

    This revision adds the following security updates to the oldstable
    release. The Security Team has already released an advisory for each of
    these updates:

    +----------------+--------------------------------+
    | Advisory ID | Package |
    +----------------+--------------------------------+
    | DSA-2978 [61] | libxml2 [62] |
    | | |
    | DSA-3057 [63] | libxml2 [64] |
    | | |
    | DSA-3076 [65] | wireshark [66] |
    | | |
    | DSA-3118 [67] | strongswan [68] |
    | | |
    | DSA-3119 [69] | libevent [70] |
    | | |
    | DSA-3120 [71] | mantis [72] |
    | | |
    | DSA-3121 [73] | file [74] |
    | | |
    | DSA-3122 [75] | curl [76] |
    | | |
    | DSA-3123 [77] | binutils [78] |
    | | |
    | DSA-3123 [79] | binutils-mingw-w64 [80] |
    | | |
    | DSA-3124 [81] | otrs2 [82] |
    | | |
    | DSA-3125 [83] | openssl [84] |
    | | |
    | DSA-3126 [85] | php5 [86] |
    | | |
    | DSA-3127 [87] | iceweasel [88] |
    | | |
    | DSA-3128 [89] | linux [90] |
    | | |
    | DSA-3129 [91] | rpm [92] |
    | | |
    | DSA-3130 [93] | lsyncd [94] |
    | | |
    | DSA-3131 [95] | xdg-utils [96] |
    | | |
    | DSA-3133 [97] | privoxy [98] |
    | | |
    | DSA-3134 [99] | sympa [100] |
    | | |
    | DSA-3135 [101] | mysql-5.5 [102] |
    | | |
    | DSA-3136 [103] | polarssl [104] |
    | | |
    | DSA-3137 [105] | websvn [106] |
    | | |
    | DSA-3138 [107] | jasper [108] |
    | | |
    | DSA-3139 [109] | squid [110] |
    | | |
    | DSA-3140 [111] | xen [112] |
    | | |
    | DSA-3141 [113] | wireshark [114] |
    | | |
    | DSA-3142 [115] | eglibc [116] |
    | | |
    | DSA-3143 [117] | virtualbox [118] |
    | | |
    | DSA-3145 [119] | privoxy [120] |
    | | |
    | DSA-3146 [121] | requests [122] |
    | | |
    | DSA-3149 [123] | condor [124] |
    | | |
    | DSA-3150 [125] | vlc [126] |
    | | |
    | DSA-3151 [127] | python-django [128] |
    | | |
    | DSA-3152 [129] | unzip [130] |
    | | |
    | DSA-3153 [131] | krb5 [132] |
    | | |
    | DSA-3154 [133] | ntp [134] |
    | | |
    | DSA-3155 [135] | postgresql-9.1 [136] |
    | | |
    | DSA-3156 [137] | vlc [138] |
    | | |
    | DSA-3156 [139] | mplayer [140] |
    | | |
    | DSA-3156 [141] | liblivemedia [142] |
    | | |
    | DSA-3158 [143] | unrtf [144] |
    | | |
    | DSA-3159 [145] | ruby1.8 [146] |
    | | |
    | DSA-3160 [147] | xorg-server [148] |
    | | |
    | DSA-3161 [149] | dbus [150] |
    | | |
    | DSA-3162 [151] | bind9 [152] |
    | | |
    | DSA-3164 [153] | typo3-src [154] |
    | | |
    | DSA-3165 [155] | xdg-utils [156] |
    | | |
    | DSA-3166 [157] | e2fsprogs [158] |
    | | |
    | DSA-3167 [159] | sudo [160] |
    | | |
    | DSA-3168 [161] | ruby-redcloth [162] |
    | | |
    | DSA-3169 [163] | eglibc [164] |
    | | |
    | DSA-3170 [165] | linux [166] |
    | | |
    | DSA-3171 [167] | samba [168] |
    | | |
    | DSA-3172 [169] | cups [170] |
    | | |
    | DSA-3174 [171] | iceweasel [172] |
    | | |
    | DSA-3176 [173] | request-tracker4 [174] |
    | | |
    | DSA-3177 [175] | mod-gnutls [176] |
    | | |
    | DSA-3178 [177] | unace [178] |
    | | |
    | DSA-3180 [179] | libarchive [180] |
    | | |
    | DSA-3181 [181] | xen [182] |
    | | |
    | DSA-3182 [183] | libssh2 [184] |
    | | |
    | DSA-3183 [185] | movabletype-opensource [186] |
    | | |
    | DSA-3184 [187] | gnupg [188] |
    | | |
    | DSA-3185 [189] | libgcrypt11 [190] |
    | | |
    | DSA-3186 [191] | nss [192] |
    | | |
    | DSA-3187 [193] | icu [194] |
    | | |
    | DSA-3188 [195] | freetype [196] |
    | | |
    | DSA-3189 [197] | libav [198] |
    | | |
    | DSA-3190 [199] | putty [200] |
    | | |
    | DSA-3191 [201] | gnutls26 [202] |
    | | |
    | DSA-3192 [203] | checkpw [204] |
    | | |
    | DSA-3193 [205] | tcpdump [206] |
    | | |
    | DSA-3194 [207] | libxfont [208] |
    | | |
    | DSA-3195 [209] | php5 [210] |
    | | |
    | DSA-3196 [211] | file [212] |
    | | |
    | DSA-3197 [213] | openssl [214] |
    | | |
    | DSA-3198 [215] | php5 [216] |
    | | |
    | DSA-3199 [217] | xerces-c [218] |
    | | |
    | DSA-3200 [219] | drupal7 [220] |
    | | |
    | DSA-3201 [221] | iceweasel [222] |
    | | |
    | DSA-3202 [223] | mono [224] |
    | | |
    | DSA-3203 [225] | tor [226] |
    | | |
    | DSA-3204 [227] | python-django [228] |
    | | |
    | DSA-3205 [229] | batik [230] |
    | | |
    | DSA-3206 [231] | dulwich [232] |
    | | |
    | DSA-3207 [233] | shibboleth-sp2 [234] |
    | | |
    | DSA-3208 [235] | freexl [236] |
    | | |
    | DSA-3209 [237] | openldap [238] |
    | | |
    | DSA-3210 [239] | wireshark [240] |
    | | |
    | DSA-3211 [241] | iceweasel [242] |
    | | |
    | DSA-3213 [243] | arj [244] |
    | | |
    | DSA-3214 [245] | mailman [246] |
    | | |
    | DSA-3215 [247] | libgd2 [248] |
    | | |
    | DSA-3216 [249] | tor [250] |
    | | |
    | DSA-3217 [251] | dpkg [252] |
    | | |
    | DSA-3218 [253] | wesnoth-1.10 [254] |
    | | |
    | DSA-3220 [255] | libtasn1-3 [256] |
    | | |
    | DSA-3221 [257] | das-watchdog [258] |
    | | |
    | DSA-3222 [259] | chrony [260] |
    | | |
    | DSA-3223 [261] | ntp [262] |
    | | |
    | DSA-3224 [263] | libxrender [264] |
    | | |
    | DSA-3224 [265] | libx11 [266] |
    | | |
    | DSA-3225 [267] | gst-plugins-bad0.10 [268] |
    | | |
    | DSA-3226 [269] | inspircd [270] |
    | | |
    | DSA-3227 [271] | movabletype-opensource [272] |
    | | |
    | DSA-3228 [273] | ppp [274] |
    | | |
    | DSA-3229 [275] | mysql-5.5 [276] |
    | | |
    | DSA-3230 [277] | django-markupfield [278] |
    | | |
    | DSA-3231 [279] | subversion [280] |
    | | |
    | DSA-3232 [281] | curl [282] |
    | | |
    | DSA-3233 [283] | wpa [284] |
    | | |
    | DSA-3237 [285] | linux [286] |
    | | |
    | DSA-3243 [287] | libxml-libxml-perl [288] |
    | | |
    | DSA-3245 [289] | ruby1.8 [290] |

    [continued in next message]
