[Freepto] Upcoming Debian GNU/Linux 7 Update (7.4)

Delete this message

Reply to this message
Author: vinc3nt
Date:  
To: freepto
Subject: [Freepto] Upcoming Debian GNU/Linux 7 Update (7.4)
-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 44-1        http://www.debian.org/
debian-release@???            Adam D. Barratt
February 5th, 2014
-------------------------------------------------------------------------


Upcoming Debian GNU/Linux 7 Update (7.4)

An update to Debian GNU/Linux 7 is scheduled for Saturday, February 8th,
2014. As of now it will include the following bug fixes. They can be
found in "wheezy-proposed-updates", which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "wheezy-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@??? on your mails.

The point release will also include a rebuild of debian-installer.


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

    Package                            Reason


    apache2                            Fix mod_rewrite log escaping
(CVE-2013-1862), mod_dav denial of service (CVE-2013-1896) and segfaults
in certain error conditions
    base-files                         Update for the point release
    ctdb                               Fix service stop and restart
failing when trying to remove a public IP address not assigned locally
    debian-handbook                    Update for wheezy
    debian-installer                   Rebuild for the point release
    eglibc                             Several security fixes; fix
SIGFPE when locale-archive has been corrupted to all zeros; kfreebsd:
always put supplied extra gid as the first entry of group list in
setgroups(); fix sys_ktimer_settime
    gatling                            Restore compatibility with
PolarSSL security update
    gnash                              Fix playing youtube movies using
the ffmpeg media handler
    kexec-tools                        Handle x.y kernel versions
    kfreebsd-8                         Several security fixes
    kfreebsd-9                         Disable VIA hardware RNG by
default; fix lseek ENXIO error condition with ZFS
    lazr.restfulclient                 Fix some concurrency issues
    libapache2-mod-rpaf                Restore accidentally dropped ipv6
patch
    libglib-object-introspection-perl  Fix incorrect memory allocation
that causes segfaults in reverse-dependencies
    libhtml-formhandler-perl           Fix FTBFS
    libmicrohttpd                      Various security issues
    libnet-mac-vendor-perl             Fix FTBFS due to failing
t/fetch_oui.t test
    libotr                             Disable insecure OTRv1 protocol
    linux                              Various security fixes; update to
stable 3.2.54; update drm, agp to 3.4.76; fix CVE-2013-4579,
CVE-2013-6368, CVE-2014-1446
    localepurge                        Fix CVE-2014-1638, unsafe
tempfile creation
    lxc                                Use latest upstream provided
lxc-debian; add rsync to Recommends
    mapserver                          Fix CVE-2013-7262, an SQL
injection vulnerability in the msPostGISLayerSetTimeFilter function
    nut                                Reset USB timeout to standard 5
seconds
    openssl                            Enable assembler for the arm
targets; enable ec_nistp_64_gcc_128 on *-amd64
    pdns                               Fix lengths of the
records.content and supermasters.ip columns
    ruby-gsl                           Remove non-free documentation
    ruby-opengl                        Remove example with unclear license
    rush                               Fix CVE-2013-6889, file access
escalation
    samhain                            Disable dnmalloc for all
architectures expect those known to work; fix mail sending from default
configuration
    spip                               Fix XSS on signature from author
[CVE-2013-7303]
    tuxguitar                          Update list of supported
xulrunner versions
    tzdata                             New upstream release
    vips                               Fix crash on tiff with jpeg
compression
    wget                               Add support for SNI
    whois                              New upstream release; update
various TLDs
    xfce4-weather-plugin               Fix abort when <hi> element is empty


A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<http://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

    Package                    Reason


    iceape              Security support removed



If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@???.