
Debian 7.3 has been released. Here is the announcement:



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 7: 7.3 released                          press@debian.org
December 14th, 2013             http://www.debian.org/News/2013/20131214
------------------------------------------------------------------------

The Debian project is pleased to announce the third update of its
stable distribution Debian 7 (codename `wheezy'). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 7 but only updates some of the packages included. There is no
need to throw away old `wheezy' CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                             Reason
apt                                 Fix handling of :any in single-arch
                                    systems and processing of .debs over
                                    2GB in size
apt-listbugs                        Insecure use of temporary files
base-files                          Update for point release
bootchart                           Fix upgrade path from machines which
                                    had lenny's bootchart installed
darktable                           Fix CVE-2013-1438; fix CVE-2013-1439
distro-info-data                    Add Ubuntu 14.04, Trusty Tahr
expat                               Do not ship pkgconfig files
fcitx-cloudpinyin                   Use Google by default, to replace no
                                    longer available previous default
firebird2.5                         Final 2.5.2 release, bug fixes
gnome-settings-daemon               Remove no longer required patch
                                    which makes syndaemon almost useless
gtk+3.0                             Load the file icon via a data: URI,
                                    to work with librsvg's new origin
                                    policy
iftop                               Fix memory leak
intel-microcode                     New upstream update
kfreebsd-9                          Disable 101_nullfs_vsock.diff
libdatetime-timezone-perl           New upstream version
libguestfs                          Fix CVE-2013-4419: insecure
                                    temporary directory handling for
                                    remote guestfish
libnet-server-perl                  Fix use of uninitialized value in
                                    pattern match
libnet-smtp-tls-butmaintained-perl  Fix misuse of IO::Socket::SSL in the
                                    SSL_version argument
librsvg                             Fix CVE-2013-1881: disable loading
                                    of external entities
lua-sql                             Restore multiarch co-installability
meep-lam4                           Move /usr/include/meep-lam4 to
                                    /usr/include/meep; fixes building
                                    against the -dev package
meep-mpi-default                    Move /usr/include/meep-mpi-default
                                    to /usr/include/meep; fixes building
                                    against the -dev package
meep-mpich2                         Move /usr/include/meep-mpich2 to
                                    /usr/include/meep; fixes building
                                    against the -dev package
meep-openmpi                        Move /usr/include/meep-openmpi to
                                    /usr/include/meep; fixes building
                                    against the -dev package
multipath-tools                     Restore `dmsetup export' workaround,
                                    lost in previous upload
nagios3                             Stop status.cgi listing unauthorised
                                    hosts and services, miscellaneous
                                    bug fixes
nsd3                                Add $network to Required-Start
openttd                             Fix CVE-2013-6411 (DoS)
postgresql-8.4                      New upstream micro-release
postgresql-9.1                      New upstream micro-release
rtkit                               Fix access restriction bypass via
                                    polkit race condition
ruby-passenger                      Fix CVE-2013-2119 and CVE-2013-4136:
                                    insecure tmp files usage
scikit-learn                        Move joblib from Recommends to
                                    Depends
smplayer                            Don't append -fontconfig to the
                                    command line options for Mplayer2 to
                                    prevent crash at startup
starpu                              Remove non-free example material
starpu-contrib                      Remove non-free example material
tzdata                              New upstream release
usemod-wiki                         Update hardcoded cookie expiration
                                    date from 2013 to 2025
xfce4-weather-plugin                Update weather.com API URI

Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  Package               Correction(s)
DSA-2738     ruby1.9.1             Multiple issues
DSA-2769     kfreebsd-9            Multiple issues
DSA-2770     torque                Authentication bypass
DSA-2771     nas                   Multiple issues
DSA-2772     typo3-src             Cross-site scripting
DSA-2773     gnupg                 Multiple issues
DSA-2774     gnupg2                Multiple issues
DSA-2775     ejabberd              Insecure SSL usage
DSA-2777     systemd               Multiple issues
DSA-2778     libapache2-mod-fcgid  Heap-based buffer overflow
DSA-2779     libxml2               Denial of service
DSA-2781     python-crypto         PRNG not correctly reseeded in some
                                   situations
DSA-2782     polarssl              Multiple issues
DSA-2784     xorg-server           Use-after-free
DSA-2785     chromium-browser      Multiple issues
DSA-2786     icu                   Multiple issues
DSA-2787     roundcube             Design error
DSA-2788     iceweasel             Multiple issues
DSA-2789     strongswan            Denial of service and authorization
                                   bypass
DSA-2790     nss                   Uninitialized memory read
DSA-2791     tryton-client         Missing input sanitization
DSA-2792     wireshark             Multiple issues
DSA-2794     spip                  Multiple issues
DSA-2795     lighttpd              Multiple issues
DSA-2796     torque                Arbitrary code execution
DSA-2798     curl                  Unchecked SSL certificate host name
DSA-2799     chromium-browser      Multiple issues
DSA-2800     nss                   Buffer overflow
DSA-2801     libhttp-body-perl     Design error
DSA-2802     nginx                 Restriction bypass
DSA-2803     quagga                Multiple issues
DSA-2804     drupal7               Multiple issues
DSA-2805     sup-mail              Remote command injection
DSA-2806     nbd                   Privilege escalation
DSA-2807     links2                Integer overflow
DSA-2808     openjpeg              Multiple issues
DSA-2809     ruby1.8               Multiple issues
DSA-2810     ruby1.9.1             Heap overflow
DSA-2811     chromium-browser      Multiple issues

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package          Reason
linky            License problems
iceweasel-linky  License problems

Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

http://www.debian.org/releases/stable/

Security announcements and information:

http://security.debian.org/

About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

