Updated Debian 7: 7.2 released

October 12th, 2013

The Debian project is pleased to announce the second update of its stable distribution Debian 7 (codename wheezy). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away older wheezy CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

| Package | Reason |
|---|---|
| adblock-plus | Declare compatibility with more recent Iceweasel versions |
| apr | Don't override CFLAGS and LDFLAGS during build. This fixes the debug information being useless |
| atlas | Add Breaks: octave3.2 to try and improve some squeeze to wheezy upgrade paths |
| base-files | Update version for point release |
| coherence | Fix incompatibilities with newer Twisted releases |
| cookie-monster | Declare compatibility with newer iceweasel versions |
| cups | Dnssd backend: don't crash if avahi gives a callback with no TXT record |
| curl | Fix reporting of CURLINFO_CONDITION_UNMET |
| debian-edu | Update from debian-edu-wheezy; remove chmsee Recommends |
| debian-edu-artwork | Update from debian-edu-wheezy |
| debian-edu-doc | Update from debian-edu-wheezy |
| debian-edu-install | Update from debian-edu-wheezy |
| devscripts | Fix build-rdeps to work with Wheezy being stable |
| dkimpy | Fix Gmail signature verification failures due to improper FWS regular expression |
| dpkg | Fix performance issue by correctly caching variables in Dpkg::Arch; fix chmod() arguments order in Dpkg::Source::Quilt; only ignore older packages if the existing version is informative; fix use after free; fix usage of non-existent _() function in multiple places of the Perl code; add Italian man-page translation |
| emboss-explorer | Fix application menu when used with EMBOSS 6.4 |
| fai | Fix path to dpkg-divert; fix nfsroot package list; lib/task_sysinfo: make sure device is a valid block device before accessing it; documentation updates |
| firecookie | Declare compatibility with newer iceweasel versions |
| firetray | Restore compatibility with newer iceweasel versions |
| flash-kernel | Machine database is case-sensitive so ensure that all instances of Required-Packages are capitalized correctly |
| foxyproxy | Declare compatibility with more recent Mozilla software |
| freetds | Make libiodbc Breaks versioned now that it can load multiarch drivers |
| fwknop | Fixed failure to send SPA packets due to uninitialised variable |
| gajim | Improve SSL/TLS handling; fix certificate validation |
| ghostscript | Fix endless loops related to unbalanced q/Q operators |
| glusterfs | Fix use of ext4 backend with linux >= 3.2.46-1+deb7u1 |
| gnome-settings-daemon | Stop installing security updates without confirmation |
| gnome-shell | Improve GC deadlock handling; make the disable-restart-buttons option of gdm-shell work |
| gosa | Fix LDAP mass import |
| grub2 | Fix booting FreeBSD >= 9.1 amd64 kernels |
| gxine | Switch to libmozjs185-dev as the package fails to build with newer versions of libmozjs-dev |
| ibus | Fix ibus-setup breakage by setting all related packages to use --libexec=/usr/lib/ibus |
| ibus-anthy | Fix libexecdir; add python-glade2 to Depends |
| ibus-hangul | Fix libexecdir |
| ibus-m17n | Fix libexecdir |
| ibus-pinyin | Fix libexecdir |
| ibus-skk | Fix libexecdir |
| ibus-sunpinyin | Fix libexecdir |
| ibus-xkbc | Fix libexecdir |
| iceweasel | Fix builds on several architectures |
| ifmetric | Fix NETLINK: Packet too small or truncated! error |
| intel-microcode | Update microcode |
| iso-scan | Fix full search entry when no ISOs are found |
| kfreebsd-downloader | Switch to people.debian.org URL for kernel.txz download; the old location no longer works |
| krb5-auth-dialog | Fix krb5_principal_compare crashes on NULL arguments |
| lftp | Fix splits input script file after byte 4096 |
| libdatetime-timezone-perl | New upstream release |
| libdigest-sha-perl | Fix double-free when Digest::SHA object is destroyed |
| libmodule-metadata-perl | Don't claim not to execute code |
| libmodule-signature-perl | CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE |
| libquvi-scripts | New upstream release |
| libvirt | Fix libvirtd crash when destroying a domain with attached console and race condition when destroying guests; make sure qemu.conf isn't world readable by default |
| linux | Update to 3.2.51 / drm/agp 3.4.6; disable SATA_INIC162X driver; improve efivars free space check |
| lm-sensors | Skip probing for EDID or graphics cards, as it might cause hardware issues |
| lvm2 | Fix udev rules to properly exclude special devices and always call udev sync |
| mapserver | Fix strict Content-Type matching; correctly enable AGG support |
| mdbtools | Version libiodbc Breaks now that it can load multiarch drivers; fix SEGV in blob data handling; fix double free SEGV in gmdb2 dissector |
| meta-gnome3 | Demote xul-ext-adblock-plus to Suggests |
| moin | Avoid creation of empty pagedir |
| multipath-tools | Fix upstream copy of kpartx rules; call PREREQS before calling scripts/functions; don't plain exit if root is on multipath device |
| mutt | Stop segfaulting when listing folders with new mails over imap; don't send saved messages to trash |
| myodbc | Version libiodbc Breaks now that it can load multiarch drivers |
| netcfg | Fix check for whether network-manager is installed |
| nmap | Sanitise filenames to fix CVE-2013-4885 (remote arbitrary file creation vulnerability) |
| openvpn | Fix regression with multihome option |
| openvrml | Disable JavaScript support as newer versions of Mozilla's JS engine are not supported by openvrml |
| openvswitch | Reset upper layer protocol info on internal devices |
| perl | Fix Digest::SHA double-free crash; fix issue with shared references disappearing on sub return; apply correctness patches from 5.14.4 |
| perspectives-extension | Fix calculation of quorum length with low number of notaries and/or low quorum percentage |
| php5 | Fix several issues relating to traits; don't reset mod_user_is_open in destroy to avoid an annoying warning when using sessions |
| postgresql-common | Handle wheezy point release versions |
| pyopencl | Remove non-free file from examples |
| python-defaults | Add symlink for /usr/bin/python2, used by various non-distro scripts |
| python-dns | Fix timeouts associated with only one of several available nameservers being unavailable |
| python-httplib2 | Fix CVE-2013-2037; close connection on certificate mismatch to avoid reuse |
| python-keystoneclient | Fix CVE-2013-2013: OpenStack keystone password disclosure on command line |
| redmine | Fix ruby 1.9.1 support |
| rt-tests | Fix hackbench on armhf |
| rygel | Prevent autostart of rygel by default; the default configuration file exposes files to the LAN |
| sage-extension | Fix compatibility with iceweasel 17; ensure that links in the main window are clickable |
| samba | Fix CVE-2013-4124: Denial of service - CPU loop and memory allocation |
| shotwell | Fix crash at startup |
| shutdown-at-night | Stop client wake-up cron job complaining about unpingable machines |
| sitesummary | Fix robustness and kernel version parsing in nagios plugin |
| slbackup-php | Fix non-HTTPS logins; don't assume a backup host exists in DNS; search for configuration file in a package-specific folder |
| smbldap-tools | Use correct name for net(8); fix qw() warning |
| stellarium | Prevent segfault when OpenGL is not present |
| subversion | Fix Python bindings when built against swig 2.0.5+ |
| sysvinit | Correct the Breaks on bootchart to ensure that all broken versions are removed on upgrade |
| telepathy-gabble | Work around Facebook server behaviour change with service discovery; initialize libdbus for thread-safety; fix potential FTBFS in highly-parallel builds |
| telepathy-idle | Validate TLS certificates |
| tntnet | Fix insecure default tntnet.conf |
| torrus | Fix SNMPv1 maxrepetitions issues |
| trac | New upstream stable release |
| ttytter | Update to work with the Twitter 1.1 API |
| tzdata | New upstream release |
| user-mode-linux | Rebuild against linux 3.2.51-1 |
| uwsgi | Fix loading of nagios plugin |
| virtinst | Don't specify absolute paths to xen tools; virt-clone: properly set image type |
| wv2 | Repack to remove src/generator/generator_wword{6,8}.htm, which should have been removed in earlier uploads |
| xinetd | Fix CVE-2013-4342 making TCPMUX services change the uid |
| xmonad-contrib | Fix CVE-2013-1436 |

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

| Advisory ID | Package | Correction(s) |
|---|---|---|
| DSA-2698 | tiff | Buffer overflow |
| DSA-2699 | iceweasel | Multiple issues |
| DSA-2700 | wireshark | Multiple issues |
| DSA-2701 | krb5 | Denial of service |
| DSA-2704 | mesa | Out of bounds access |
| DSA-2705 | pymongo | Denial of service |
| DSA-2706 | chromium-browser | Multiple issues |
| DSA-2707 | dbus | Denial of service |
| DSA-2708 | fail2ban | Denial of service |
| DSA-2709 | wireshark | Multiple issues |
| DSA-2710 | xml-security-c | Multiple issues |
| DSA-2712 | otrs2 | Privilege escalation |
| DSA-2713 | curl | Heap overflow |
| DSA-2714 | kfreebsd-9 | Programming error |
| DSA-2715 | puppet | Code execution |
| DSA-2716 | iceweasel | Multiple issues |
| DSA-2717 | xml-security-c | Heap overflow |
| DSA-2718 | wordpress | Multiple issues |
| DSA-2721 | nginx | Nginx security update |
| DSA-2723 | php5 | Heap corruption |
| DSA-2724 | chromium-browser | Multiple issues |
| DSA-2725 | tomcat6 | Multiple issues |
| DSA-2726 | php-radius | Buffer overflow |
| DSA-2728 | bind9 | Denial of service |
| DSA-2729 | openafs | Multiple issues |
| DSA-2730 | gnupg | Information leak |
| DSA-2731 | libgcrypt11 | Information leak |
| DSA-2732 | chromium-browser | Multiple issues |
| DSA-2733 | otrs2 | SQL injection |
| DSA-2734 | wireshark | Multiple issues |
| DSA-2735 | iceweasel | Multiple issues |
| DSA-2736 | putty | Multiple issues |
| DSA-2737 | swift | Multiple issues |
| DSA-2739 | cacti | Multiple issues |
| DSA-2740 | python-django | Regression |
| DSA-2741 | chromium-browser | Multiple issues |
| DSA-2742 | php5 | Interpretation conflict |
| DSA-2743 | kfreebsd-9 | Multiple issues |
| DSA-2744 | tiff | Multiple issues |
| DSA-2745 | linux | Multiple issues |
| DSA-2745 | user-mode-linux | Multiple issues |
| DSA-2747 | cacti | Multiple issues |
| DSA-2748 | exactimage | Denial of service |
| DSA-2750 | imagemagick | Buffer overflow |
| DSA-2751 | libmodplug | Multiple issues |
| DSA-2752 | phpbb3 | Too wide permissions |
| DSA-2753 | mediawiki | Cross-site request forgery token disclosure |
| DSA-2754 | exactimage | Denial of service |
| DSA-2755 | python-django | Directory traversal |
| DSA-2756 | wireshark | Multiple issues |
| DSA-2758 | python-django | Denial of service |
| DSA-2759 | iceweasel | Multiple issues |
| DSA-2760 | chrony | Multiple issues |
| DSA-2761 | puppet | Multiple issues |
| DSA-2763 | pyopenssl | Hostname check bypassing |
| DSA-2764 | libvirt | Programming error |
| DSA-2765 | davfs2 | Privilege escalation |
| DSA-2767 | proftpd-dfsg | Denial of service |

Removed packages

The following packages were removed due to circumstances beyond our control:

| Package | Reason |
|---|---|
| chmsee | Fails to build with Iceweasel 17 |
| dactyl | Incompatible with Iceweasel 17 |
| edbrowse | Incompatible with Iceweasel 17 |
| jclicmoodle | Requires missing moodle |
| pyxpcom | Incompatible with Iceweasel 17 |
| turpial | Broken by Twitter changes |

Debian Installer

The installer has been updated to add support for QNAP TS-12x, TS-22x and TS-42x devices, to correctly detect whether network interfaces should be managed via NetworkManager and to include the fixes incorporated into stable by the point release.

URLs

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.