Updated Debian 7: 7.2 released

October 12th, 2013

The Debian project is pleased to announce the second update of its stable distribution Debian 7 (codename wheezy). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away older wheezy CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
adblock-plus Declare compatibility with more recent Iceweasel versions
apr Don't override CFLAGS and LDFLAGS during build. This fixes the debug information being useless
atlas Add Breaks: octave3.2 to try and improve some squeeze to wheezy upgrade paths
base-files Update version for point release
coherence Fix incompatibilities with newer Twisted releases
cookie-monster Declare compatibility with newer iceweasel versions
cups Dnssd backend: don't crash if avahi gives a callback with no TXT record
curl Fix reporting of CURLINFO_CONDITION_UNMET
debian-edu Update from debian-edu-wheezy; remove chmsee Recommends
debian-edu-artwork Update from debian-edu-wheezy
debian-edu-doc Update from debian-edu-wheezy
debian-edu-install Update from debian-edu-wheezy
devscripts Fix build-rdeps to work with Wheezy being stable
dkimpy Fix Gmail signature verification failures due to improper FWS regular expression
dpkg Fix performance issue by correctly caching variables in Dpkg::Arch; fix chmod() arguments order in Dpkg::Source::Quilt; only ignore older packages if the existing version is informative; fix user after free; fix usage of non-existent _() function in multiple places of the Perl code; add Italian man-page translation
emboss-explorer Fix application menu when used with EMBOSS 6.4
fai Fix path to dpkg-divert; fix nfsroot package list; lib/task_sysinfo: make sure device is a valid block device before accessing it; documentation updates
firecookie Declare compatibility with newer iceweasel versions
firetray Restore compatibility with newer iceweasel versions
flash-kernel Machine database is case-sensitive so ensure that all instances of Required-Packages are capitalized correctly
foxyproxy Declare compatibility with more recent Mozilla software
freetds Make libiodbc Breaks versioned now that it can load multiarch drivers
fwknop Fixed failure to send SPA packets due to uninitialised variable
gajim Improve SSL/TLS handling; fix certificate validation
ghostscript Fix endless loops related to unbalanced q/Q operators
glusterfs Fix use of ext4 backend with linux>= 3.2.46-1+deb7u1
gnome-settings-daemon Stop installing security updates without confirmation
gnome-shell Improve GC deadlock handling; make the disable-restart-buttons option of gdm-shell work
gosa Fix LDAP mass import
grub2 Fix booting FreeBSD>= 9.1 amd64 kernels
gxine Switch to libmozjs185-dev as the package fails to build with newer versions of libmozjs-dev
ibus Fix ibus-setup breakage by setting all related packages to use --libexec=/usr/lib/ibus
ibus-anthy Fix libexecdir; add python-glade2 to Depends
ibus-hangul Fix libexecdir
ibus-m17n Fix libexecdir
ibus-pinyin Fix libexecdir
ibus-skk Fix libexecdir
ibus-sunpinyin Fix libexecdir
ibus-xkbc Fix libexecdir
iceweasel Fix builds on several architectures
ifmetric Fix NETLINK: Packet too small or truncated! error
intel-microcode Update microcode
iso-scan Fix full search entry when no ISOs are found
kfreebsd-downloader Switch to people.debian.org URL for kernel.txz download; the old location no longer works
krb5-auth-dialog Fix krb5_principal_compare crashes on NULL arguments
lftp Fix splits input script file after byte 4096
libdatetime-timezone-perl New upstream release
libdigest-sha-perl Fix double-free when Digest::SHA object is destroyed
libmodule-metadata-perl Don't claim not to execute code
libmodule-signature-perl CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE
libquvi-scripts New upstream release
libvirt Fix libvirtd crash when destroying a domain with attached console and race condition when destroying guests; make sure qemu.conf isn't world readable by default
linux Update to 3.2.51 / drm/agp 3.4.6; disable SATA_INIC162X driver; improve efivars free space check
lm-sensors Skip probing for EDID or graphics cards, as it might cause hardware issues
lvm2 Fix udev rules to properly exclude special devices and always call udev sync
mapserver Fix strict Content-Type matching; correctly enable AGG support
mdbtools Version libiodbc Breaks now that it can load multiarch drivers; fix SEGV in blob data handling; fix double free SEGV in gmdb2 dissector
meta-gnome3 Demote xul-ext-adblock-plus to Suggests
moin Avoid creation of empty pagedir
multipath-tools Fix upstream copy of kpartx rules; call PREREQS before calling scripts/functions; don't plain exit if root is on multipath device
mutt Stop segfaulting when listing folders with new mails over imap; don't send saved messages to trash
myodbc Version libiodbc Breaks now that it can load multiarch drivers
netcfg Fix check for whether network-manager is installed
nmap Sanitise filenames to fix CVE-2013-4885 (remote arbitrary file creation vulnerability)
openvpn Fix regression with multihome option
openvrml Disable JavaScript support as newer versions of Mozilla's JS engine are not supported by openvrml
openvswitch Reset upper layer protocol info on internal devices
perl Fix Digest::SHA double-free crash; fix issue with shared references disappearing on sub return; apply correctness patches from 5.14.4
perspectives-extension Fix calculation of quorum length with low number of notaries and/or low quorum percentage
php5 Fix several issues relating to traits; don't reset mod_user_is_open in destroy to avoid an annoying warning when using sessions
postgresql-common Handle wheezy point release versions
pyopencl Remove non-free file from examples
python-defaults Add symlink for /usr/bin/python2, used by various non-distro scripts
python-dns Fix timeouts associated with only one of several available nameservers being unavailable
python-httplib2 Fix CVE-2013-2037; close connection on certificate mismatch to avoid reuse
python-keystoneclient Fix CVE-2013-2013: OpenStack keystone password disclosure on command line
redmine Fix ruby 1.9.1 support
rt-tests Fix hackbench on armhf
rygel Prevent autostart of rygel by default; the default configuration file exposes files to the LAN
sage-extension Fix compability with iceweasel 17; ensure that links in the main window are clickable
samba Fix CVE-2013-4124: Denial of service - CPU loop and memory allocation
shotwell Fix crash at startup
shutdown-at-night Stop client wake-up cron job complaining about unpingable machines
sitesummary Fix robustness and kernel version parsing in nagios plugin
slbackup-php Fix non-HTTPS logins; don't assume a backup host exists in DNS; search for configuration file in a package-specific folder
smbldap-tools Use correct name for net(8); fix qw() warning
stellarium Prevent segfault when OpenGL is not present
subversion Fix Python bindings when built against swig 2.0.5+
sysvinit Correct the Breaks on bootchart to ensure that all broken versions are removed on upgrade
telepathy-gabble Work around Facebook server behaviour change with service discovery; initialize libdbus for thread-safety; fix potential FTBFS in highly-parallel builds
telepathy-idle Validate TLS certificates
tntnet Fix insecure default tntnet.conf
torrus Fix SNMPv1 maxrepetitions issues
trac New upstream stable release
ttytter Update to work with the Twitter 1.1 API
tzdata New upstream release
user-mode-linux Rebuild against linux 3.2.51-1
uwsgi Fix loading of nagios plugin
virtinst Don't specify absolute paths to xen tools; virt-clone: properly set image type
wv2 Repack to remove src/generator/generator_wword{6,8}.htm, which should have been removed in earlier uploads
xinetd Fix CVE-2013-4342 making TCPMUX services change the uid
xmonad-contrib Fix CVE-2013-1436

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package Correction(s)
DSA-2698 tiffBuffer overflow
DSA-2699 iceweaselMultiple issues
DSA-2700 wiresharkMultiple issues
DSA-2701 krb5Denial of service
DSA-2704 mesaOut of bounds access
DSA-2705 pymongoDenial of service
DSA-2706 chromium-browserMultiple issues
DSA-2707 dbusDenial of service
DSA-2708 fail2banDenial of service
DSA-2709 wiresharkMultiple issues
DSA-2710 xml-security-cMultiple issues
DSA-2712 otrs2Privilege escalation
DSA-2713 curlHeap overflow
DSA-2714 kfreebsd-9Programming error
DSA-2715 puppetCode execution
DSA-2716 iceweaselMultiple issues
DSA-2717 xml-security-cHeap overflow
DSA-2718 wordpressMultiple issues
DSA-2721 nginxNginx security update
DSA-2723 php5Heap corruption
DSA-2724 chromium-browserMultiple issues
DSA-2725 tomcat6Multiple issues
DSA-2726 php-radiusBuffer overflow
DSA-2728 bind9Denial of service
DSA-2729 openafsMultiple issues
DSA-2730 gnupgInformation leak
DSA-2731 libgcrypt11Information leak
DSA-2732 chromium-browserMultiple issues
DSA-2733 otrs2SQL injection
DSA-2734 wiresharkMultiple issues
DSA-2735 iceweaselMultiple issues
DSA-2736 puttyMultiple issues
DSA-2737 swiftMultiple issues
DSA-2739 cactiMultiple issues
DSA-2740 python-djangoRegression
DSA-2741 chromium-browserMultiple issues
DSA-2742 php5Interpretation conflict
DSA-2743 kfreebsd-9Multiple issues
DSA-2744 tiffMultiple issues
DSA-2745 linuxMultiple issues
DSA-2745 user-mode-linuxMultiple issues
DSA-2747 cactiMultiple issues
DSA-2748 exactimageDenial of service
DSA-2750 imagemagickBuffer overflow
DSA-2751 libmodplugMultiple issues
DSA-2752 phpbb3Too wide permissions
DSA-2753 mediawikiCross-site request forgery token disclosure
DSA-2754 exactimageDenial of service
DSA-2755 python-djangoDirectory traversal
DSA-2756 wiresharkMultiple issues
DSA-2758 python-djangoDenial of service
DSA-2759 iceweaselMultiple issues
DSA-2760 chronyMultiple issues
DSA-2761 puppetMultiple issues
DSA-2763 pyopensslHostname check bypassing
DSA-2764 libvirtProgramming error
DSA-2765 davfs2Privilege escalation
DSA-2767 proftpd-dfsgDenial of service

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
chmsee Fails to build with Iceweasel 17
dactyl Incompatible with Iceweasel 17
edbrowse Incompatible with Iceweasel 17
jclicmoodle Requires missing moodle
pyxpcom Incompatible with Iceweasel 17
turpial Broken by Twitter changes

Debian Installer

The installer has been updated to add support for QNAP TS-12x, TS-22x and TS-42x devices, to correctly detect whether network interfaces should be managed via NetworkManager and to include the fixes incorporated into stable by the point release.

URLs

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

http://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.