------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 7: 7.9 released                          press@debian.org
September 5th, 2015          https://www.debian.org/News/2015/2015090502
------------------------------------------------------------------------

The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian 7 (codename "wheezy"). This update mainly
adds corrections for security problems to the oldstable release, along
with a few adjustments for serious problems. Security advisories were
published separately and are referenced where applicable.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following packages:
+----------------------------+----------------------------------------+
| Package | Reason |
+----------------------------+----------------------------------------+
| amd64-microcode [1] | Update included microcode |
| | |
| base-files [2] | Update for the point release |
| | |
| bley [3] | Remove dnsbl.ahbl.org from the default |
| | configuration, as it's been shut down |
| | |
| clamav [4] | New upstream release; fix division by |
| | zero and pointer arithmetic overflow |
| | in the bundled libmspack |
| | |
| commons-httpclient [5] | Fix incomplete fix for CVE-2012-6153 |
| | issue with CN checking [CVE-2014-3577] |
| | |
| conky [6] | Declare Breaks+Replaces relationship |
| | against conky (<< 1.8.0-1) to fix |
| | upgrade path from lenny to squeeze and |
| | then wheezy |
| | |
| debian-installer [7] | Use the result of 'apt-config dump' to |
| | determine where to find the system's |
| | sources.list |
| | |
| debian-installer-netboot- | Rebuild against new debian-installer |
| images [8] | |
| | |
| debian-security- | Add package to Wheezy |
| support [9] | |
| | |
| debmirror [10] | Support "new" Contents file |
| | location; support HTTPS; add -- |
| | keyring, --include-field and -- |
| | exclude-field options |
| | |
| debootstrap [11] | Add support for Stretch; resolve mount |
| | point symlinks relative to the target |
| | chroot before unmounting them |
| | |
| didjvu [12] | Fix insecure temp file use when |
| | calling c44 |
| | |
| exactimage [13] | Fix integer overflow in the |
| | ljpeg_start function in dcraw |
| | [CVE-2015-3885] |
| | |
| frogr [14] | Use SSL endpoints for Flickr API; fix |
| | crash in gcrypt |
| | |
| gamera [15] | Fix insecure temp file use [CVE-2014- |
| | 1937] |
| | |
| gnome-shell [16] | Fix week number computation |
| | |
| hp2xx [17] | Fix crashes |
| | |
| httpcomponents-client [18] | Fix check that the server hostname |
| | matches domain name in the subject's |
| | CN field [CVE-2012-6153, CVE-2014- |
| | 3577] |
| | |
| ikiwiki [19] | Fix XSS in openid selector; backport |
| | blogspam plugin from experimental, |
| | because the version in wheezy is no |
| | longer usable |
| | |
| intel-microcode [20] | Update included microcode |
| | |
| ircd-hybrid [21] | Disable SSL3 to mitigate against the |
| | POODLE attack |
| | |
| lame [22] | Check for invalid input sample rate |
| | and number of channels, avoid |
| | malformed wav causing floating point |
| | exception, fix check for sample rate |
| | ratio being an integer |
| | |
| lcms [23] | Repack to remove non-free test files |
| | and colour profiles; fix DoS |
| | [CVE-2013-4160] |
| | |
| libdatetime-timezone- | Update included data |
| perl [24] | |
| | |
| libdbd-pg-perl [25] | Fix interoperability problem between |
| | Wheezy clients and newer PostgreSQL |
| | versions |
| | |
| libfcgi [26] | Avoid stack-smashing by using poll() |
| | rather than select() |
| | |
| libraw [27] | Fix integer overflow in the |
| | ljpeg_start function [CVE-2015-3885] |
| | |
| linux [28] | Update to stable release 3.2.68; drm, |
| | agp: Update to 3.4.106; [rt] Update to |
| | 3.2.68-rt99 |
| | |
| linux-ftpd-ssl [29] | Fix "NLST of empty directory results |
| | in segfault" |
| | |
| maven [30] | Use HTTPS by default when downloading |
| | artifacts from the Maven Central |
| | repository |
| | |
| mdbtools [31] | Fix overflow in some memo fields and |
| | output of binary data |
| | |
| mediatomb [32] | Disable user interface by default |
| | |
| mercurial [33] | Fix "errors in handling case- |
| | sensitive directories allow for remote |
| | code execution on pull" [CVE-2014- |
| | 9390] |
| | |
| mozilla-noscript [34] | Fix enumeration of scripts on |
| | Iceweasel >= 35 |
| | |
| netcf [35] | Fix ipcalc_netmask; prevent a memory |
| | leak when listing interfaces |
| | |
| open-vm-tools [36] | Handle structure changes in newer |
| | kernel releases (d_alias to |
| | d_u.d_alias) |
| | |
| openafs [37] | Fix the kernel module build when |
| | d_alias is in the d_u union; fix |
| | potential file corruption of mmapped |
| | files |
| | |
| opencv [38] | Update license information for the gpu |
| | module |
| | |
| openvswitch [39] | Fix build of openvswitch-datapath-dkms |
| | |
| osc [40] | Fix shell injection [CVE-2015-0778] |
| | |
| partconf [41] | Exclude CD/DVD drives from partition |
| | search |
| | |
| pdf2djvu [42] | Fix insecure temp file use when |
| | calling c44 |
| | |
| pgbouncer [43] | Fix remote crash - invalid packet |
| | order causes lookup of NULL pointer |
| | [CVE-2015-4054] |
| | |
| phpbb3 [44] | Fix CSRF vulnerability [CVE-2015-1432] |
| | and CSS injection [CVE-2015-1431]; fix |
| | possible redirect vulnerability |
| | [CVE-2015-3880] |
| | |
| policyd-weight [45] | Remove use of obsolete rhsbl.ahbl.org |
| | RBL; update list of default RBLs in |
| | the manpage to match reality |
| | |
| postgresql-9.1 [46] | New upstream release |
| | |
| rawtherapee [47] | Fix dcraw input sanitization errors |
| | [CVE-2015-3885] |
| | |
| spamassassin [48] | Remove references to ahbl.org DNSBL, |
| | which has ceased operation |
| | |
| ssl-cert [49] | Use SHA2 for newly generated |
| | certificates; set umask to make sure |
| | that the generated key is not world- |
| | readable for a short timespan while |
| | make-ssl-cert runs |
| | |
| sudo [50] | Recognize lenny and squeeze unmodified |
| | sudoers to avoid dpkg questions about |
| | modified conffiles on upgrades to |
| | wheezy |
| | |
| tcllib [51] | Fix XSS vulnerability in the html |
| | module for <textarea/> elements |
| | |
| tomcat7 [52] | Fix FTBFS error by making sure SSL |
| | unit tests use TLS protocols; re- |
| | generate expired test certificates |
| | |
| tzdata [53] | New upstream release |
| | |
| unrar-nonfree [54] | Fix a symlink directory traversal |
| | vulnerability |
| | |
| unzip [55] | Fix "unzip thinks some files are |
| | symlinks", buffer overflow and crash |
| | in zipinfo |
| | |
| user-mode-linux [56] | Rebuild against current kernel |
| | |
| vigor [57] | Use libc's regex routines rather than |
| | the bundled ones, to avoid needing to |
| | apply security patches independently |
| | |
| vpim [58] | Build for ruby 1.9 (wheezy's default |
| | version) |
| | |
| wesnoth-1.10 [59] | Security fix: Disallowed inclusion |
| | of .pbl files from WML [CVE-2015-5069, |
| | CVE-2015-5070] |
| | |
| wireless-regdb [60] | Update included data |
| | |
+----------------------------+----------------------------------------+
1: https://packages.debian.org/src:amd64-microcode
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bley
4: https://packages.debian.org/src:clamav
5: https://packages.debian.org/src:commons-httpclient
6: https://packages.debian.org/src:conky
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debian-security-support
10: https://packages.debian.org/src:debmirror
11: https://packages.debian.org/src:debootstrap
12: https://packages.debian.org/src:didjvu
13: https://packages.debian.org/src:exactimage
14: https://packages.debian.org/src:frogr
15: https://packages.debian.org/src:gamera
16: https://packages.debian.org/src:gnome-shell
17: https://packages.debian.org/src:hp2xx
18: https://packages.debian.org/src:httpcomponents-client
19: https://packages.debian.org/src:ikiwiki
20: https://packages.debian.org/src:intel-microcode
21: https://packages.debian.org/src:ircd-hybrid
22: https://packages.debian.org/src:lame
23: https://packages.debian.org/src:lcms
24: https://packages.debian.org/src:libdatetime-timezone-perl
25: https://packages.debian.org/src:libdbd-pg-perl
26: https://packages.debian.org/src:libfcgi
27: https://packages.debian.org/src:libraw
28: https://packages.debian.org/src:linux
29: https://packages.debian.org/src:linux-ftpd-ssl
30: https://packages.debian.org/src:maven
31: https://packages.debian.org/src:mdbtools
32: https://packages.debian.org/src:mediatomb
33: https://packages.debian.org/src:mercurial
34: https://packages.debian.org/src:mozilla-noscript
35: https://packages.debian.org/src:netcf
36: https://packages.debian.org/src:open-vm-tools
37: https://packages.debian.org/src:openafs
38: https://packages.debian.org/src:opencv
39: https://packages.debian.org/src:openvswitch
40: https://packages.debian.org/src:osc
41: https://packages.debian.org/src:partconf
42: https://packages.debian.org/src:pdf2djvu
43: https://packages.debian.org/src:pgbouncer
44: https://packages.debian.org/src:phpbb3
45: https://packages.debian.org/src:policyd-weight
46: https://packages.debian.org/src:postgresql-9.1
47: https://packages.debian.org/src:rawtherapee
48: https://packages.debian.org/src:spamassassin
49: https://packages.debian.org/src:ssl-cert
50: https://packages.debian.org/src:sudo
51: https://packages.debian.org/src:tcllib
52: https://packages.debian.org/src:tomcat7
53: https://packages.debian.org/src:tzdata
54: https://packages.debian.org/src:unrar-nonfree
55: https://packages.debian.org/src:unzip
56: https://packages.debian.org/src:user-mode-linux
57: https://packages.debian.org/src:vigor
58: https://packages.debian.org/src:vpim
59: https://packages.debian.org/src:wesnoth-1.10
60: https://packages.debian.org/src:wireless-regdb

Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+--------------------------------+
| Advisory ID | Package |
+----------------+--------------------------------+
| DSA-2978 [61] | libxml2 [62] |
| | |
| DSA-3057 [63] | libxml2 [64] |
| | |
| DSA-3076 [65] | wireshark [66] |
| | |
| DSA-3118 [67] | strongswan [68] |
| | |
| DSA-3119 [69] | libevent [70] |
| | |
| DSA-3120 [71] | mantis [72] |
| | |
| DSA-3121 [73] | file [74] |
| | |
| DSA-3122 [75] | curl [76] |
| | |
| DSA-3123 [77] | binutils [78] |
| | |
| DSA-3123 [79] | binutils-mingw-w64 [80] |
| | |
| DSA-3124 [81] | otrs2 [82] |
| | |
| DSA-3125 [83] | openssl [84] |
| | |
| DSA-3126 [85] | php5 [86] |
| | |
| DSA-3127 [87] | iceweasel [88] |
| | |
| DSA-3128 [89] | linux [90] |
| | |
| DSA-3129 [91] | rpm [92] |
| | |
| DSA-3130 [93] | lsyncd [94] |
| | |
| DSA-3131 [95] | xdg-utils [96] |
| | |
| DSA-3133 [97] | privoxy [98] |
| | |
| DSA-3134 [99] | sympa [100] |
| | |
| DSA-3135 [101] | mysql-5.5 [102] |
| | |
| DSA-3136 [103] | polarssl [104] |
| | |
| DSA-3137 [105] | websvn [106] |
| | |
| DSA-3138 [107] | jasper [108] |
| | |
| DSA-3139 [109] | squid [110] |
| | |
| DSA-3140 [111] | xen [112] |
| | |
| DSA-3141 [113] | wireshark [114] |
| | |
| DSA-3142 [115] | eglibc [116] |
| | |
| DSA-3143 [117] | virtualbox [118] |
| | |
| DSA-3145 [119] | privoxy [120] |
| | |
| DSA-3146 [121] | requests [122] |
| | |
| DSA-3149 [123] | condor [124] |
| | |
| DSA-3150 [125] | vlc [126] |
| | |
| DSA-3151 [127] | python-django [128] |
| | |
| DSA-3152 [129] | unzip [130] |
| | |
| DSA-3153 [131] | krb5 [132] |
| | |
| DSA-3154 [133] | ntp [134] |
| | |
| DSA-3155 [135] | postgresql-9.1 [136] |
| | |
| DSA-3156 [137] | vlc [138] |
| | |
| DSA-3156 [139] | mplayer [140] |
| | |
| DSA-3156 [141] | liblivemedia [142] |
| | |
| DSA-3158 [143] | unrtf [144] |
| | |
| DSA-3159 [145] | ruby1.8 [146] |
| | |
| DSA-3160 [147] | xorg-server [148] |
| | |
| DSA-3161 [149] | dbus [150] |
| | |
| DSA-3162 [151] | bind9 [152] |
| | |
| DSA-3164 [153] | typo3-src [154] |
| | |
| DSA-3165 [155] | xdg-utils [156] |
| | |
| DSA-3166 [157] | e2fsprogs [158] |
| | |
| DSA-3167 [159] | sudo [160] |
| | |
| DSA-3168 [161] | ruby-redcloth [162] |
| | |
| DSA-3169 [163] | eglibc [164] |
| | |
| DSA-3170 [165] | linux [166] |
| | |
| DSA-3171 [167] | samba [168] |
| | |
| DSA-3172 [169] | cups [170] |
| | |
| DSA-3174 [171] | iceweasel [172] |
| | |
| DSA-3176 [173] | request-tracker4 [174] |
| | |
| DSA-3177 [175] | mod-gnutls [176] |
| | |
| DSA-3178 [177] | unace [178] |
| | |
| DSA-3180 [179] | libarchive [180] |
| | |
| DSA-3181 [181] | xen [182] |
| | |
| DSA-3182 [183] | libssh2 [184] |
| | |
| DSA-3183 [185] | movabletype-opensource [186] |
| | |
| DSA-3184 [187] | gnupg [188] |
| | |
| DSA-3185 [189] | libgcrypt11 [190] |
| | |
| DSA-3186 [191] | nss [192] |
| | |
| DSA-3187 [193] | icu [194] |
| | |
| DSA-3188 [195] | freetype [196] |
| | |
| DSA-3189 [197] | libav [198] |
| | |
| DSA-3190 [199] | putty [200] |
| | |
| DSA-3191 [201] | gnutls26 [202] |
| | |
| DSA-3192 [203] | checkpw [204] |
| | |
| DSA-3193 [205] | tcpdump [206] |
| | |
| DSA-3194 [207] | libxfont [208] |
| | |
| DSA-3195 [209] | php5 [210] |
| | |
| DSA-3196 [211] | file [212] |
| | |
| DSA-3197 [213] | openssl [214] |
| | |
| DSA-3198 [215] | php5 [216] |
| | |
| DSA-3199 [217] | xerces-c [218] |
| | |
| DSA-3200 [219] | drupal7 [220] |
| | |
| DSA-3201 [221] | iceweasel [222] |
| | |
| DSA-3202 [223] | mono [224] |
| | |
| DSA-3203 [225] | tor [226] |
| | |
| DSA-3204 [227] | python-django [228] |
| | |
| DSA-3205 [229] | batik [230] |
| | |
| DSA-3206 [231] | dulwich [232] |
| | |
| DSA-3207 [233] | shibboleth-sp2 [234] |
| | |
| DSA-3208 [235] | freexl [236] |
| | |
| DSA-3209 [237] | openldap [238] |
| | |
| DSA-3210 [239] | wireshark [240] |
| | |
| DSA-3211 [241] | iceweasel [242] |
| | |
| DSA-3213 [243] | arj [244] |
| | |
| DSA-3214 [245] | mailman [246] |
| | |
| DSA-3215 [247] | libgd2 [248] |
| | |
| DSA-3216 [249] | tor [250] |
| | |
| DSA-3217 [251] | dpkg [252] |
| | |
| DSA-3218 [253] | wesnoth-1.10 [254] |
| | |
| DSA-3220 [255] | libtasn1-3 [256] |
| | |
| DSA-3221 [257] | das-watchdog [258] |
| | |
| DSA-3222 [259] | chrony [260] |
| | |
| DSA-3223 [261] | ntp [262] |
| | |
| DSA-3224 [263] | libxrender [264] |
| | |
| DSA-3224 [265] | libx11 [266] |
| | |
| DSA-3225 [267] | gst-plugins-bad0.10 [268] |
| | |
| DSA-3226 [269] | inspircd [270] |
| | |
| DSA-3227 [271] | movabletype-opensource [272] |
| | |
| DSA-3228 [273] | ppp [274] |
| | |
| DSA-3229 [275] | mysql-5.5 [276] |
| | |
| DSA-3230 [277] | django-markupfield [278] |
| | |
| DSA-3231 [279] | subversion [280] |
| | |
| DSA-3232 [281] | curl [282] |
| | |
| DSA-3233 [283] | wpa [284] |
| | |
| DSA-3237 [285] | linux [286] |
| | |
| DSA-3243 [287] | libxml-libxml-perl [288] |
| | |
| DSA-3245 [289] | ruby1.8 [290] |