Updated Debian 7: 7.8 released

January 10th, 2015

The Debian project is pleased to announce the eighth update of its stable distribution Debian 7 (codename wheezy). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away old wheezy CDs or DVDs; after an installation, simply update via an up-to-date Debian mirror so that any out-of-date packages are updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

| Package | Reason |
|---|---|
| apache2 | Fix handling of chunk trailers to avoid bypass of intended mod_headers restrictions [CVE-2013-5704]; fix hostname comparison with SNI to be case insensitive |
| apt | Retry without partial data after a 416 response |
| base-files | Update debian_version for the point release |
| bashburn | Fix upgrades from the old mybashburn package in Squeeze |
| clamav | New upstream version; fix endless loop on specially crafted quantum compressed cab files |
| debian-archive-keyring | Add archive signing keys for Jessie |
| debian-installer | Rebuild for the point release |
| debian-installer-netboot-images | Rebuild for the point release |
| debootstrap | Install base-passwd and base-files in two calls rather than one, to ensure correct ordering |
| dhcpcd5 | Fix denial of service [CVE-2014-6060] |
| digikam | Add versioned Breaks/Replaces on digikam-doc, to fix upgrades from Squeeze |
| evolution-data-server | Enable all SSL/TLS versions supported by NSS |
| firetray | Increase version compatibility with icedove |
| freecol | Disable introductory video to avoid hanging at startup |
| gnustep-base | Fix security issue in gdomap [CVE-2014-2980] and regression in -performSelector: with message forwarding |
| gosa | Fix XSS issue during login and authentication against LDAP server(s) via the gosa-admin DN |
| intel-microcode | Disable TSX instructions in Haswell and other errata |
| iucode-tool | Fix a possible buffer overwrite, memory leak and other issues found by Coverity |
| libclamunrar | Update to new upstream version, in line with clamav |
| libdatetime-timezone-perl | New upstream release; update included data files to 2014j |
| linux | New upstream stable release; drm, agp: update to 3.4.105; rt: update to 3.2.64-rt94; KVM: don't report guest userspace emulation error to userspace [CVE-2014-7842], clear paravirt_enabled on KVM guests for espfix32's benefit [CVE-2014-8134]; isofs: fix infinite looping over CE entries [CVE-2014-9420] |
| mumble | Fix UDP communication failing until connected user's mic is activated and data sent; fix crash on connecting; properly HTML-escape some external strings before using them in a rich-text (HTML) context [CVE-2014-3756]; fix client DoS via SVG images with local file references [CVE-2014-3755] |
| netcfg | Fix missing bounds check on nameserver array iteration |
| nostalgy | Update for compatibility with new icedove versions from security |
| nvidia-graphics-drivers | New upstream release |
| nvidia-graphics-modules | Rebuild against updated nvidia-graphics-drivers |
| shutdown-at-night | Check for users before shutting down |
| sieve-extension | Increase version compatibility with icedove |
| spamassassin | Export perl_version to rules, as upstream has started using it in published rules |
| tzdata | New upstream release |
| wireless-regdb | New upstream release, with updated / added data |
| xulrunner | New source package split out from iceweasel (which no longer provides xulrunner in newer versions) |

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

URLs

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.