Updated Debian 7: 7.1 released

June 15th, 2013

The Debian project is pleased to announce the first update of its stable distribution Debian 7 (codename wheezy ). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away 7 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason alsa-base Correctly use /etc/default/alsa-base for configuration, rather than /etc/default/alsa apt Do not propagate negative scores from rdepends; properly handle if-modified-since with libcurl/https assaultcube-data Fix updates from squeeze; add missing Breaks/Replaces base-files Update for the point release brltty Ensure accessibility is enabled on the installed system if it was enabled in the installer; enable sound events at gdm banner clutter-gst Restore multiarch co-installability cyrus-imapd-2.4 Fix dataloss during upgrades and links in documentation cyrus-sasl2 Fix heavy CPU usage in saslauthd; send LOGOUT before closing connection in auth_rimap; fix garbage in output buffer when using canonuser_plugin: ldapdb debian-history Updates for the wheezy release debian-installer Set version to 7 ; enable building against proposed-updates debootstrap Add support for jessie dh-make-drupal Use HTTPS for connections to drupal.org distro-info-data Update Debian data for the wheezy release; update Ubuntu data to add saucy and correct some dates empathy Handle readonly URL field in Google Talk vCards freebsd-utils Don't use --pidfile when starting/stopping daemons that don't create one; stop nfsd with the correct signal gcc-msp430 Fix generation of wrong interrupt table for MSP430FR5xxx targets, resulting in blown security fuses get-iplayer Update SWF verification URL after changes by the BBC gitg Fix run-time crashes and drag'n'drop gnome-settings-daemon Fix segfault on mipsel; fix crash when the Disable touchpad while typing option is activated gpsd Fix crash and potential DoS isc-dhcp Fix CVE-2013-2494; set --with-ldapcrypto to restore openssl support isdnutils Unbreak debian/{ipppd,isdnlog}.config; create isdnctrl symlink as /dev/isdnctrl and cleanup possibly misplaced symlink /isdnctrl keystone Fix CVE-2013-2059 lapack Fix some routines which produce incorrect results in multithreaded environments libdatetime-timezone-perl Update for 2013c timezone data libiodbc2 Find odbc drivers in a system dir, fixing usability and co-installability with multiarch odbc drivers libnss-myhostname Ignore link-local addresses libpam-mklocaluser Fix runcmd() libquvi-scripts New upstream release libreoffice Fix build failures; remove lib/servlet.jar; fix --view; make oosplash wait for InternalIPC::ProcessingDone; remove python3-uno dependencies libvirt Fix leak in virStorageBackendLogicalMakeVol; allow xen toolstack to find its binaries linux Incorporate new upstream stable updates; update drm/agp to 3.4.47 lsb Update for new X.Y stable versioning; add jessie modsecurity-apache Fix NULL pointer dereference. CVE-2013-2765 mozc Fix error connecting to mozc-server as root; fix dependencies of fcitx-mozc munin Fix several limit checks and crashes; ignore devtmpfs in df plugin nbd Fix handling of NBD_NAME by nbd-client initscript; several stability fixes nfs-utils Fix CVE-2013-1923, getopt handling for -R and hangs in mountd nvidia-graphics-drivers Add missing dependency on nvidia-support octave Fix rcond function openblas Fix crashes and use of uninitialised data; fix FTBFS on powerpc machines with Power7 arch openvpn Fix use of non-constant-time memcmp in HMAC comparison. CVE-2013-2061 pcsc-lite Fix upgrades from squeeze and the check for a running systemd php5 Fix CVE-2013-1643 patch, crash in garbage collection, drops in FPM receiving data in FastCGI, libmagic detection of Microsoft Office documents, and mssql connector with Azure SQL; fix $_SERVER[REQUEST_TIME] in filter SAPI; make the Breaks on php5-suhosin versioned to allow suhosin backports pristine-tar Update list of allowed parameters for wheezy to support files created with newer versions profnet Fix fortran runtime error psqlodbc Versioned Breaks: libiodbc2 (<= 3.52.7-2), it is multiarch-aware now; fixes co-installability with KDE py3dns Fix regression in AAAA query result type readline5 Fix multiarch paths rhash Fix incorrect SHA-512 hashes of some messages and incorrect GOST hashes on some architectures ruby-tmail Fix parsing of unquoted attachment filenames schleuder Fix -sendkey, plugin directory configuration and member listing sl-modem Add dummy empty prerm script to work around upgrade failures from squeeze smcroute Fix a NULL pointer dereferencing in interface vector initialization systemtap Support /sys/kernel/debug mounted 0700 to cope with new debugfs permissions introduced by linux 3.2.29-1 tasksel Fix unintended auto-selection of ssh-server task on desktop machines tzdata New upstream version wdm Ignore pam_selinux.so failures when the module does not exist (e.g. on non-Linux architectures) win32-loader Rebuild to update the embedded dependencies xorg Add xserver-xorg-input-vmmouse to -all on i386 and amd64

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package Correction(s) DSA-2666 xen Multiple issues DSA-2667 mysql-5.5 Multiple issues DSA-2669 linux Multiple issues DSA-2669 user-mode-linux Multiple issues DSA-2671 request-tracker4 Multiple issues DSA-2672 kfreebsd-9 Interpretation conflict DSA-2673 libdmx Multiple issues DSA-2674 libxv Multiple issues DSA-2675 libxvmc Multiple issues DSA-2676 libxfixes Multiple issues DSA-2677 libxrender Multiple issues DSA-2678 mesa Multiple issues DSA-2679 xserver-xorg-video-openchrome Multiple issues DSA-2680 libxt Multiple issues DSA-2681 libxcursor Multiple issues DSA-2682 libxext Multiple issues DSA-2683 libxi Multiple issues DSA-2684 libxrandr Multiple issues DSA-2685 libxp Multiple issues DSA-2686 libxcb Multiple issues DSA-2687 libfs Multiple issues DSA-2688 libxres Multiple issues DSA-2689 libxtst Multiple issues DSA-2690 libxxf86dga Multiple issues DSA-2691 libxinerama Multiple issues DSA-2692 libxxf86vm Multiple issues DSA-2693 libx11 Multiple issues DSA-2694 spip Privilege escalation DSA-2695 chromium-browser Multiple issues DSA-2696 otrs2 Privilege escalation DSA-2697 gnutls26 Out-of-bounds array read DSA-2702 telepathy-gabble TLS verification bypass DSA-2703 subversion Multiple issues

Debian Installer

The installer has been rebuilt to include the fixes incorporated into stable by the point release.

URLs

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.