Updated Debian 7: 7.10 released

April 2nd, 2016

The Debian project is pleased to announce the tenth update of its oldstable distribution Debian 7 (codename wheezy). This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away old wheezy CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:


Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
amd64-microcode Update AMD microcode patch firmware for AMD Family 15h Processors to fix bugs in prior microcode patch
aptdaemon Security fix [CVE-2015-1323]
base-files Update for the point release
c-icap Fix FTBFS with newer OpenSSL versions; rebuild against libclamav7
c-icap-modules Rebuild against libclamav7
calendarserver Fix POODLE; update zoneinfo to tzdata 2015g
clamav Avoid unaligned memory access; new upstream release
commons-httpclient Ensure HTTPS calls use http.socket.timeout during SSL Handshake [CVE-2015-5262]
dansguardian Rebuild against libclamav7
dbconfig-common Fix permission of PostgreSQL backup files
debian-installer Rebuild against oldstable-proposed-updates
debian-installer-netboot-images Rebuild against new debian-installer
exfat-utils Fix buffer overflow and infinite loop
exim4 Fix defect in 89_02_Store-the-initial-working-directory.diff patch from the previous security upload
firebug Update for compatibility with newer Iceweasel versions
fuse-exfat Fix buffer overflow and infinite loop
giflib Bail out if Width > SWidth [CVE-2015-7555]
gummi Avoid predictable naming of temporary files [CVE 2015-7758]
iptables-persistent Stop rules files being world-readable
libclamunrar Rebuild for libclamav7
libdatetime-timezone-perl Update included data to tzdata 2016c
libhtml-scrubber-perl Fix cross-site scripting vulnerability in comments [CVE-2015-5667]
libiptables-parse-perl Fix use of predictable names for temporary files [CVE-2015-8326]
librsvg Fix out-of-bounds heap read when parsing SVG file [CVE-2015-7557]
libssh Fix Double free on dangling pointers in initial key exchange packet [CVE-2014-8132]; fix null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets [CVE-2015-3146]
linux update to new upstream stable release 3.2.78; drm, agp: Update to 3.4.110; rt: update to 3.2.77-rt111; ppp, slip: Validate VJ compression slot parameters completely [CVE-2015-7799]; KVM: svm: unconditionally intercept #DB [CVE-2015-8104]
live-tools Depend on initramfs-tools
maven2 Rebuild with libmaven2-core-java 2.2.1-8+deb7u1 to use a secure connection by default to download artifacts from the Maven Central repository
maven2-core Use a secure connection by default to download artifacts from the Maven Central repository
nvidia-graphics-drivers New upstream release [CVE-2015-5950]; fix Unsanitized User Mode Input issue [CVE-2015-7869]
nvidia-graphics-modules Rebuild with nvidia-kernel-source 304.131
pykerberos Add KDC authenticity verification support [CVE-2015-3206]
python-clamav Rebuild against libclamav7
sendmail Properly set the close-on-exec flag for file descriptors before executing mailers [CVE-2014-3956]; fix an incorrect assertion in libmilter; add support for OpenSSL options SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2; fix A-only MX CNAME interface binding issues when using IPv6; raise MAXDAEMONS from 10 to 64; start sendmail after bind9 (or any other named) if it is installed; fix infinite loop in update_db
stk Install missing SKINI.msg and .tbl include files
tzdata New upstream release
zendframework Fix entropy issue with captcha [ZF2015-09]

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-2722 openjdk-7
DSA-2923 openjdk-7
DSA-2987 openjdk-7
DSA-3080 openjdk-7
DSA-3132 icedove
DSA-3144 openjdk-7
DSA-3173 libgtk2-perl
DSA-3179 icedove
DSA-3208 freexl
DSA-3212 icedove
DSA-3235 openjdk-7
DSA-3264 icedove
DSA-3316 openjdk-7
DSA-3324 icedove
DSA-3337 gdk-pixbuf
DSA-3346 drupal7
DSA-3349 qemu-kvm
DSA-3349 qemu
DSA-3350 bind9
DSA-3352 screen
DSA-3353 openslp-dfsg
DSA-3355 libvdpau
DSA-3358 php5
DSA-3359 virtualbox
DSA-3361 qemu
DSA-3362 qemu-kvm
DSA-3364 linux
DSA-3365 iceweasel
DSA-3366 rpcbind
DSA-3369 zendframework
DSA-3370 freetype
DSA-3371 spice
DSA-3377 mysql-5.5
DSA-3378 gdk-pixbuf
DSA-3379 miniupnpc
DSA-3380 php5
DSA-3381 openjdk-7
DSA-3382 phpmyadmin
DSA-3383 wordpress
DSA-3384 virtualbox
DSA-3386 unzip
DSA-3387 openafs
DSA-3388 ntp
DSA-3390 xen
DSA-3392 freeimage
DSA-3393 iceweasel
DSA-3395 krb5
DSA-3397 wpa
DSA-3398 strongswan
DSA-3399 libpng
DSA-3401 openjdk-7
DSA-3403 libcommons-collections3-java
DSA-3404 python-django
DSA-3405 smokeping
DSA-3406 nspr
DSA-3407 dpkg
DSA-3408 gnutls26
DSA-3409 putty
DSA-3413 openssl
DSA-3416 libphp-phpmailer
DSA-3417 bouncycastle
DSA-3420 bind9
DSA-3421 grub2
DSA-3422 iceweasel
DSA-3423 cacti
DSA-3426 linux
DSA-3426 ctdb
DSA-3427 blueman
DSA-3429 foomatic-filters
DSA-3430 libxml2
DSA-3431 ganeti
DSA-3433 samba
DSA-3434 linux
DSA-3435 git
DSA-3436 openssl
DSA-3437 gnutls26
DSA-3438 xscreensaver
DSA-3439 prosody
DSA-3440 sudo
DSA-3443 libpng
DSA-3444 wordpress
DSA-3445 pygments
DSA-3446 openssh
DSA-3447 tomcat7
DSA-3450 ecryptfs-utils
DSA-3452 claws-mail
DSA-3459 mysql-5.5
DSA-3460 privoxy
DSA-3461 freetype
DSA-3462 radicale
DSA-3463 prosody
DSA-3466 krb5
DSA-3468 polarssl
DSA-3469 qemu
DSA-3470 qemu-kvm
DSA-3472 wordpress
DSA-3473 nginx
DSA-3478 libgcrypt11
DSA-3479 graphite2
DSA-3483 cpio
DSA-3484 xdelta3
DSA-3485 didiwiki
DSA-3487 libssh2
DSA-3488 libssh
DSA-3489 lighttpd
DSA-3490 websvn
DSA-3492 gajim
DSA-3493 xerces-c
DSA-3494 cacti
DSA-3498 drupal7
DSA-3499 python-imaging
DSA-3500 openssl
DSA-3501 perl
DSA-3502 roundup
DSA-3503 linux
DSA-3504 bsh
DSA-3505 wireshark
DSA-3506 libav
DSA-3508 jasper
DSA-3511 bind9
DSA-3512 libotr
DSA-3514 samba
DSA-3516 wireshark
DSA-3517 exim4
DSA-3518 spip
DSA-3521 git
DSA-3522 squid3
DSA-3524 activemq
DSA-3525 pixman
DSA-3526 libmatroska
DSA-3527 inspircd
DSA-3532 quagga

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
gnome-gmail Broken
libnsbmp Security issues, unmaintained
libnsgif Security issues, unmaintained
tlslite Unmaintained, outdated
vimperator Incompatible with newer iceweasel versions

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by the point release.


The complete lists of packages that have changed with this revision:


The current oldstable distribution:


Proposed updates to the oldstable distribution:


oldstable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.