Updated Debian 8: 8.1 released

June 6th, 2015

The Debian project is pleased to announce the first update of its stable distribution Debian 8 (codename jessie). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old jessie CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
base-files Update for the point release
berkeley-abc Fix big-endian issues, memory alignment and reproducible build
blackbox Fix possible loss of focus when clicking on a window
caja Postpone automount actions while session locked by screensaver
clamav Fix clamav-daemon installability with custom PidFile; new upstream version
cproto Make -X command line option work again
cwm Fix Lookups for 'exec' and 'wm' fail on XFS by adding an extra check using lstat() if the d_type check fails
dbus Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus
debian-installer Append DTB for SheevaPlug, SheevaPlug eSATA and GuruPlug; build against proposed-updates
debian-installer-netboot-images Rebuild for the point release
debian-lan-config Fix package names on i386; switch back to nfsv3 to avoid freezes; disable adzapper and browser-plugin-gnash as they're not in jessie; add libcgi-fast-perl to make the zoom in munin work; make installation of sudo-ldap and exim4-daemon-heavy more robust
didjvu Fix insecure tempfile use
ejabberd Add --enable-transient_supervisors build-flag; accept trailing newline characters in Base64 strings; drop debian/ejabberd.8 as there is no ejabberd executable any more
exactimage Fix integer overflow in the ljpeg_start function in dcraw [CVE-2015-3885]
fai Setup-storage: add support for parted 2.4; fai: Fix IP address lifetime
feed2imap Fix filter usage and include-images option
freeorion Fix build failure
ganeti New upstream stable release
gdnsd Fix incorrect error message, per-address level udp_recv_width option limit, plugin_extmon bugfix for bad timeout/interval behaviour if either is >255s, fix possible binding to incorrect port on startup
gnome-shell Upstream bugfix and translation update; workaround issue with wallpaper breaking after resume with NVIDIA drivers
gnutls28 Fix use-after-free flaw in gnutls_x509_ext_import_crl_dist_points() [CVE-2015-3308]
hello Test upload for jessie-security
ibus-cangjie Fix duplicate character issue, Python tracebacks, placement of candidate popup and Taiwanese translation
installation-guide Remove mention of kfreebsd as supported archs for Jessie; revert to documenting that the text installer is still the default; fix kernel source compression extension in kernel-baking.xml; add an example preseed entry for setting up multi-arch; fix custom revision in make-kpkg example
ircd-hybrid Fix a DoS from localhost clients; configuration script no longer ignores the result of upgrade questions; support chained SSL certificates; don't display upgrade warnings on new installs
lastpass-cli Update upstream CA certificate
libav Fix use of illegal instruction on i586
libdatetime-timezone-perl New upstream release
libdebian-installer Add device tree variants for supported armel/kirkwood devices
libi18n-charset-perl Remove a stray 'use blib' line
libinfinity Fix certificates only being checked for issues if the CA is not trusted; fix a client-side crash when the server shuts down; fix some assertion failures and inconsistencies in InfTextFixlineBuffer [CVE-2015-3886]
libraw Fix DoS via crafted image [CVE-2015-3885]
libvncserver Ensure libgcrypt is initialised before use; replace non-free SHA1 implementation
linux Update to upstream 3.16.7-ctk11; ext4: fix data corruption caused by unwritten and delayed extents; libata: Update Crucial/Micron blacklist, blacklist queued TRIM on Samsung SSD 850 Pro; USB: Add support for XHCI on APM Mustang
mate-desktop Add libstartup-notification0-dev and libdconf-dev to the dependencies of libmate-desktop-dev
mate-netbook Ensure Window Picker applet doesn't override mate-maximus
mate-utils Show correct error message if loading of the mate-screenshot UI fails
mew Tighten e-mail address match to avoid incorrect key being used for encryption
mew-beta Tighten e-mail address match to avoid incorrect key being used for encryption
multipath-tools Include dm-service-time in the initramfs as it's now the default, fixing boot from multipath
mutter Upstream bugfix and translation update; workaround issue with wallpaper breaking after resume with NVIDIA drivers
needrestart Fix warnings and errors if a process does not have a valid working directory, kernel version sorting and Perl warnings while scanning dangling kernel symlinks
node-groove Fix CPU usage
open-iscsi Ensure udebs are populated on all supported architectures
opencv Build with -march=i586 instead of -march=i686 on i386
openstack-debian-images Disable /etc/modules update for acpiphp and pci_hotplug; add security repository to jessie images; fix ACPI shutdown for wheezy and jessie; add nano by default for non-minimal images
osmosis Fix java.lang.ClassCastException for java.util.HashMap to org.openstreetmap.osmosis.hstore.PGHStore
pdf2djvu Fix insecure tempfile usage
pdns Security update
pdns-recursor Security update
perl Make the Perl debugger work with threaded programs again
pgbouncer Fix remote crash - invalid packet order causes lookup of NULL pointer [CVE-2015-4054]
php-horde Fix XSS in group administration
php-horde-passwd Fix password change via Kolab driver
phpbb3 Fix possible redirect vulnerability [CVE-2015-3880]
postgresql-9.4 New upstream version: avoid failures while fsync'ing data directory during crash restart
python-dbusmock Prevent code execution through crafted pyc files [CVE-2015-1326]
qcontrol Wait for necessary devices to appear before starting, working around an issue exposed by systemd LSB compatibility mode
qt4-x11 Fix crashes in GIF, BMP and ICO decoders [CVE-2015-1858 CVE-2015-1859 CVE-2015-1860]
qtbase-opensource-src Fix crashes in GIF, BMP and ICO decoders [CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860]
ruby-defaults Add Conflicts: ruby-activesupport-2.3 to help upgrades from Wheezy
semi Tighten e-mail address match to avoid incorrect key being used for encryption
smstools Drop non-policy-compliant reload option from the init script; use force-reload for logrotate
systemd Revert immediate SIGKILLing of units during shutdown, leading to cleanup failures; write_net_rules: escape '{' and '}', to work with busybox grep; manager: pass correct errno to strerror()
tasksel Make task-xfce-desktop recommend evince-gtk | evince instead of just evince-gtk, making the GNOME and Xfce desktop tasks co-installable
tecnoballz Fix multiple gameplay issues - minimum distance of bouncers to walls in boss levels, gigablitz gague not working, right click could exit game
tlsdate Switch from www.ptb.de to www.google.com as the former is now sending randomized gmt values
torbrowser-launcher Handle paths which changed in the torbrowser 4.5 release; remove no longer working accept links folder; stop acting as default browser
translate-shell Restore functionality by switching to new Google Translate API
tzdata New upstream release
ulogd2 Correct JSON output of integer types on big-endian systems
unattended-upgrades Fix default configuration to match jessie-security
usemod-wiki Adjust startform/endform to start_form/end_form for compatibility with libcgi-pm-perl
virtualbox Fix crash in raw mode; fix kernel paging issue, enabling operation on Broadwell CPUs
win32-loader Replace the Joy screenshot by a recent Lines screenshot; replace http.debian.net with httpredir.debian.org

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-3229 mysql-5.5
DSA-3230 django-markupfield
DSA-3232 curl
DSA-3233 wpa
DSA-3236 libreoffice
DSA-3237 linux
DSA-3238 chromium-browser
DSA-3239 icecast2
DSA-3240 curl
DSA-3241 elasticsearch
DSA-3242 chromium-browser
DSA-3243 libxml-libxml-perl
DSA-3244 owncloud
DSA-3247 ruby2.1
DSA-3250 wordpress
DSA-3251 dnsmasq
DSA-3252 sqlite3
DSA-3253 pound
DSA-3254 suricata
DSA-3255 zeromq3
DSA-3256 libtasn1-6
DSA-3257 mercurial
DSA-3258 quassel
DSA-3259 qemu
DSA-3261 libtest-signature-perl
DSA-3261 libmodule-signature-perl
DSA-3263 proftpd-dfsg
DSA-3264 icedove
DSA-3265 zendframework
DSA-3266 fuse
DSA-3267 chromium-browser
DSA-3268 ntfs-3g
DSA-3269 postgresql-9.1
DSA-3270 postgresql-9.4
DSA-3271 nbd
DSA-3272 ipsec-tools
DSA-3274 virtualbox
DSA-3275 fusionforge


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.