Updated Debian 8: 8.2 released

September 5th, 2015

The Debian project is pleased to announce the second update of its stable distribution Debian 8 (codename jessie). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were published separately and are referenced where applicable.

Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old jessie CDs or DVDs; it is enough to update via an up-to-date Debian mirror after an installation, so that any out-of-date packages are updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

| Package | Reason |
|---|---|
| akonadi | Fix a bug that caused old files to be kept when they should be removed |
| apache2 | Fix conffile logic for wheezy to jessie upgrades; fix -D[efined] or <Define>[d] variables lifetime across restarts; mpm_event: Fix process deadlock when shutting down a worker; mpm_event: Fix crashes due to various race conditions |
| apt | Parse specific-arch dependencies correctly on single-arch systems; remove first package seen is native package assumption; fix endless loop in apt-get update that can cause all disk space to be used |
| bareos | Fix backup corruption on multi-volume jobs; add autopkgtests |
| base-files | Update for the point release |
| binutils-mingw-w64 | Apply upstream fix to handle Visual Studio DLLs |
| bird | Correctly migrate bird6.conf from bird6 package |
| cron | Cron.service: Use KillMode=process to kill only the daemon, not running jobs |
| cross-gcc | Require bash in rules.template makefile |
| dbus | Fix a memory leak when GetConnectionCredentials is called; stop dbus-monitor replying to org.freedesktop.DBus.Peer messages, including those that another process should have replied to |
| debian-installer | Add image for Seagate DockStar; add symlinks for OpenRD variants; append DTB for LaCie NAS devices that require it |
| debian-installer-launcher | Set the menu icon text in the source package to read Install Debian jessie |
| debian-installer-netboot-images | Rebuild against new debian-installer |
| designate | Fix mDNS DoS through incorrect handling of large RecordSets [CVE-2015-5695] |
| dovecot | Fix SSL/TLS handshake failures leading to a crash of the login process with newer versions of OpenSSL [CVE-2015-3420]; fix mbox corruption issue |
| ejabberd | Fix logging of nicknames in muc logs and parsing of ldap_dn_filter option; postinst: restart on upgrade; logrotate: don't signal a non-running daemon |
| flash-kernel | Combine i.MX53 QSB and LOCO board entries, they are the same thing and the LOCO variant was missing DTB information, possibly causing issues during wheezy to jessie upgrades |
| fusiondirectory | Access javascript libraries via a path relative to FusionDirectory's base path |
| glibc | Fix pthread_mutex_trylock with lock elision; fix gprof entry point on ppc64el; fix a buffer overflow in getanswer_r [CVE-2015-1781] |
| glusterfs | Stop creating UNIX domain sockets as FIFOs on NFS |
| gnome-terminal | Open new tabs in working directory, rather than home directory |
| gnutls28 | Fix a crash in VIA PadLock asm; fix GNUTLS-SA-2015-2, which allowed MD5 signatures (which are disabled by default) in the ServerKeyExchange message |
| gosa | Fix idGenerator for patterns like {%sn[3-6}-{%givenName[3-6]}; enable CSV / LDIF import on (non-Debian-Edu) clean installations by default |
| groovy2 | Fix remote execution of untrusted code and possible DoS vulnerability [CVE-2015-3253] |
| grub-installer | Correctly propagate grub-installer/force-efi-extra-removable to installed system |
| gtk+3.0 | Fix several crashes |
| haproxy | Fix a segfault when parsing a configuration file containing disabled proxy sections |
| how-can-i-help | Use HTTPS to connect to UDD |
| kic | configure: Do not add -L without argument to $LIBS |
| lame | Enable functions with SSE instructions to maintain their own properly aligned stack. Fixes crashes when called from the ocaml bindings |
| libdatetime-timezone-perl | New upstream release |
| libgee-0.8 | Fix default value of --enable-consistency-check, otherwise a very expensive debug option is turned on by default and would make a lot of applications unusably slow |
| libio-socket-ssl-perl | Make PublicSuffix::_default_data thread safe |
| libisocodes | Fix GLib critical warning if the environment variable LANGUAGE is not set |
| libvirt | Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu; fix crash on live migration; allow access to libnl-3 configuration; report original error when QMP probing fails with new QEMU |
| linux-ftpd-ssl | Fix NLST of empty directory results in segfault |
| lynx-cur | Use gnutls_set_default_priority() instead of a custom priority string, so fixing GNUTLS-SA-2015-2 in GnuTLS does not break SSL support in lynx |
| mesa | Disable asynchronous DMA on radeonsi which can cause lockups |
| motif | Disable fix for upstream bug #1565 which caused segfaults in ddd and xpdf |
| mozilla-gnome-keyring | Restore compatibility with newer Iceweasel versions |
| nbd | Fix authfile parsing |
| nss | Fix certificate chain generation to prefer stronger/newer certificates over weaker/older certs |
| ocl-icd | Fix clSVMFree never called in OpenCL ICD |
| pdf.js | Drop xul-ext-pdf.js package since it's not compatible with iceweasel 38 |
| postgresql-9.1 | New upstream release |
| postgresql-9.4 | New upstream release |
| prosody | Fix CNAME resolution |
| python-apt | Work around a cyclic reference from Cache to its methods; LFS fixes; fix splitting of multi-lines Binary fields in dsc files; arch-qualify in compare_to_version_in_cache(); fix apt.Package.installed_files for multi-arch packages |
| python-keystoneclient | Fix S3token incorrect condition expression for ssl_insecure [CVE-2015-1852] |
| python-keystonemiddleware | Fix S3Token TLS cert verification option not honored [CVE-2015-1852] |
| python-reportlab | Correctly handle PNGs containing transparency |
| python-swiftclient | Add missing dependency on python-pkg-resources |
| r-cran-rcurl | Build-Depend on libcurl4-openssl-dev, fixing issues with PEM certificate bundles |
| rawtherapee | Fix dcraw input sanitization errors [CVE-2015-3885] |
| requestpolicy | Restore compatibility with newer Iceweasel versions |
| rsyslog | Disable transactions in ompgsql as they were not working properly |
| ruby2.1 | Fix Request hijacking vulnerability in Rubygems [CVE-2015-3900] |
| syslinux | Fix booting on some Chromebooks |
| systemd | Disable default DNS servers in systemd-resolve; use strictly versioned dependency on libsystemd-dev for the transitional dev packages; udev: Increase udev event timeout to 180s |
| tabmixplus | Restore compatibility with newer Iceweasel versions |
| tcpdump | Fix -Z confirmation log being sent to stdout, where it can get mixed with pcap stream data if '-w -' is used |
| torrus | Revert broken patch refresh, thereby fixing rrdup_notify |
| tzdata | New upstream release |
| ufraw | Fix buffer overflow in ljpeg_start [CVE-2015-3885] |
| unattended-upgrades | Make optional automatic-reboot work again; really fix adding of jessie-security |
| wesnoth-1.10 | Disallow inclusion of .pbl files from WML [CVE-2015-5069, CVE-2015-5070] |
| xemacs21 | Conflict against old transitional packages to make absolutely sure that they are removed before we try to upgrade; remove dependency from support to binary package since the binary package already has the equivalent dependency |
| xserver-xorg-video-modesetting | Don't pretend to support rotation |

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Removed packages

The following packages were removed due to circumstances beyond our control:

| Package | Reason |
|---|---|
| criu | Fast-moving target, too difficult to keep updated |
| dactyl | Incompatible with newer Iceweasel versions |
| fullscreen-extension | Incompatible with newer Iceweasel versions |
| netty3.1 | Dependency for non-present jetty |
| php-zend-xml | Security issues; useless in Debian |
| rubyfilter | Broken (empty) package |

Debian Installer

The installer has been updated to add support for Seagate DockStar devices and to include the fixes incorporated into stable by the point release.

URLs

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.