Updated Debian 7: 7.8 released

January 10th, 2015

The Debian project is pleased to announce the eighth update of its stable distribution Debian 7 (codename wheezy). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away old wheezy CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
apache2 Fix handling of chunk trailers to avoid bypass of intended mod_headers restrictions [CVE-2013-5704]; fix hostname comparison with SNI to be case insensitive
apt Retry without partial data after a 416 response
base-files Update debian_version for the point release
bashburn Fix upgrades from the old mybashburn package in Squeeze
clamav New upstream version; fix endless loop on special crafted quantum compressed cab files
debian-archive-keyring Add archive signing keys for Jessie
debian-installer Rebuild for the point release
debian-installer-netboot-images Rebuild for the point release
debootstrap Install base-passwd and base-files in two calls rather than one, to ensure correct ordering
dhcpcd5 Fix denial of service [CVE-2014-6060]
digikam Add versioned Breaks/Replaces on digikam-doc, to fix upgrades from Squeeze
evolution-data-server Enable all SSL/TLS versions supported by NSS
firetray Increase version compatibility with icedove
freecol Disable introductory video to avoid hanging at startup
gnustep-base Fix security issue in gdomap [CVE-2014-2980] and regression in -performSelector: with message forwarding
gosa Fix XSS issue during login and authentication against LDAP server(s) via the gosa-admin DN
intel-microcode Disable TSX instructions in Haswell and other errata
iucode-tool Fix a possible buffer overwrite, memory leak and other issues found by coverity
libclamunrar Update to new upstream version, in line with clamav
libdatetime-timezone-perl New upstream release; update included data files to 2014j
linux New upstream stable release; drm, agp: update to 3.4.105; rt: update to 3.2.64-rt94; KVM: don't report guest userspace emulation error to userspace [CVE-2014-7842], clear paravirt_enabled on KVM guests for espfix32's benefit [CVE-2014-8134]; isofs: fix infinite looping over CE entries [CVE-2014-9420]
mumble Fix UDP communication failing until connected user's mic is activated and data sent; fix crash on connecting; properly HTML-escape some external strings before using them in a rich-text (HTML) context [CVE-2014-3756]; fix client DoS via SVG images with local file references [CVE-2014-3755]
netcfg Fix missing bounds check on nameserver array iteration
nostalgy Update for compatibility with new icedove versions from security
nvidia-graphics-drivers New upstream release
nvidia-graphics-modules Rebuild against updated nvidia-graphics-drivers
shutdown-at-night Check for users before shutting down
sieve-extension Increase version compatibility with icedove
spamassassin Export perl_version to rules, as upstream has started using it in published rules
tzdata New upstream release
wireless-regdb New upstream release, with updated / added data
xulrunner New source package split out from iceweasel (which no longer provides xulrunner in newer versions)

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-2720 enigmail
DSA-2720 icedove-l10n
DSA-2720 icedove
DSA-2746 icedove
DSA-2762 icedove
DSA-2797 icedove
DSA-2911 icedove-l10n
DSA-2911 enigmail
DSA-2911 icedove
DSA-2918 iceweasel
DSA-2924 icedove
DSA-2955 iceweasel
DSA-2960 icedove
DSA-2986 iceweasel
DSA-2996 icedove
DSA-3018 iceweasel
DSA-3028 icedove
DSA-3034 iceweasel
DSA-3037 icedove
DSA-3049 wireshark
DSA-3050 iceweasel
DSA-3051 drupal7
DSA-3052 wpa
DSA-3053 openssl
DSA-3054 mysql-5.5
DSA-3055 pidgin
DSA-3056 libtasn1-3
DSA-3057 libxml2
DSA-3058 torque
DSA-3059 dokuwiki
DSA-3060 linux
DSA-3061 icedove
DSA-3061 icedove-l10n
DSA-3061 enigmail
DSA-3062 wget
DSA-3063 quassel
DSA-3064 php5
DSA-3065 libxml-security-java
DSA-3066 qemu
DSA-3067 qemu-kvm
DSA-3068 konversation
DSA-3069 curl
DSA-3071 nss
DSA-3072 file
DSA-3073 libgcrypt11
DSA-3074 php5
DSA-3075 drupal7
DSA-3078 libksba
DSA-3079 ppp
DSA-3081 libvncserver
DSA-3082 flac
DSA-3083 mutt
DSA-3084 openvpn
DSA-3085 wordpress
DSA-3086 tcpdump
DSA-3087 qemu
DSA-3088 qemu-kvm
DSA-3089 jasper
DSA-3090 iceweasel
DSA-3091 getmail4
DSA-3092 icedove
DSA-3093 linux
DSA-3094 bind9
DSA-3095 xorg-server
DSA-3096 pdns-recursor
DSA-3097 unbound
DSA-3098 graphviz
DSA-3099 dbus
DSA-3100 mediawiki
DSA-3101 c-icap
DSA-3102 libyaml
DSA-3103 libyaml-libyaml-perl
DSA-3104 bsd-mailx
DSA-3105 heirloom-mailx
DSA-3106 jasper
DSA-3107 subversion
DSA-3108 ntp
DSA-3109 firebird2.5
DSA-3110 mediawiki
DSA-3111 cpio
DSA-3112 sox
DSA-3113 unzip
DSA-3114 mime-support
DSA-3115 pyyaml
DSA-3116 polarssl
DSA-3117 php5

URLs

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.