Debian 10225 Published by

Debian 7.8 has been released



------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 7: 7.8 released press@debian.org
January 10th, 2015 https://www.debian.org/News/2015/20150110
------------------------------------------------------------------------


The Debian project is pleased to announce the eighth update of its
stable distribution Debian 7 (codename "wheezy"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
https://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package Reason

apache2 Fix handling of chunk trailers to avoid bypass of intended mod_headers restrictions [CVE-2013-5704]; fix hostname comparison with SNI to be case insensitive
apt Retry without partial data after a 416 response
base-files Update debian_version for the point release
bashburn Fix upgrades from the old "mybashburn" package in squeeze
clamav Fix endless loop on special crafted quantum compressed cab files; new upstream version
debian-archive-keyring Add archive signing keys for Jessie
debootstrap Install base-passwd and base-files in two calls rather than one to avoid problems with home-built media with different ordering in Packages
dhcpcd5 Fix denial of service [CVE-2014-6060]
digikam Add versioned Breaks/Replaces on digikam-doc, to fix upgrades from Squeeze
evolution-data-server Enable all SSL/TLS versions supported by NSS
firetray Increase version compatibility with icedove
freecol Disable intro video to avoid hanging at startup
gnustep-base Fix security issue in gdomap [CVE-2014-2980] and regression in -performSelector: with message forwarding
gosa Fix XSS issue during login and authentication against LDAP server(s) via the gosa-admin DN
intel-microcode Disable TSX instructions in Haswell and other errata
iucode-tool Fix a possible buffer overwrite, memory leak and other issues found by coverity
libclamunrar Update to new upstream version, in line with clamav
libdatetime-timezone-perl New upstream release; update included data files to 2014j
linux New upstream stable release; drm, agp: Update to 3.4.105; [rt] Update to 3.2.64-rt94; security fixes [CVE-2014-7842, CVE-2014-8134, CVE-2014-9420]
mumble Fix UDP communication failing until connected user's mic is activated and data sent; fix crash on connecting; properly HTML-escape some external strings before using them in a rich-text (HTML) context [CVE-2014-3756]; fix client DoS via SVG images with local file references [CVE-2014-3755]
netcfg Fix missing bounds check on nameserver array iteration
nostalgy Update for compatibility with new icedove versions from security
nvidia-graphics-drivers New upstream release
shutdown-at-night Check for active users before shutting down
sieve-extension Increase version compatibility with icedove
spamassassin Export perl_version to rules, as upstream has started using it in published rules
tzdata New upstream release
wireless-regdb New upstream release, with updated / added data
xulrunner New source package split out from iceweasel (which no longer provides xulrunner in newer versions)
  Debian 7.8 released