======================================
Sat, 15 Jun 2013 - Debian 7.1 released
======================================

alsa-base (1.0.25+3~deb7u1) stable; urgency=low
 .
   * Upload to proposed-updates.

apt (0.9.7.9) stable; urgency=low
 .
   [ Ludovico Cavedon ]
   * properly handle if-modified-since with libcurl/https (closes: #705648)
 .
   [ Andreas Beckman ]
   * apt-pkg/algorithms.cc:
     - Do not propagate negative scores from rdepends. Propagating the
       absolute value of a negative score may boost obsolete packages
       and keep them installed instead of installing their successors.
       (Closes: #699759)

apt (0.9.7.9~exp3) experimental; urgency=low
 .
   [ Michael Vogt ]
   * apt-pkg/sourcelist.cc:
     - fix segfault when a hostname contains a [, thanks to
       Tzafrir Cohen (closes: #704653)
   * debian/control:
     - replace manpages-it (closes: #704723)
 .
   [ David Kalnischkies ]
   * various simple changes to fix cppcheck warnings
   * apt-pkg/pkgcachegen.cc:
     - do not store the MD5Sum for every description language variant as
       it will be the same for all so it can be shared to save cache space
     - handle language tags for descriptions are unique strings to be shared
     - factor version string creation out of NewDepends, so we can easily
       reuse version strings e.g. for implicit multi-arch dependencies
     - equal comparisons are used mostly in same-source relations,
       so use this to try to reuse some version strings
     - sort group and package names in the hashtable on insert
     - share version strings between same versions (of different architectures)
       to save some space and allow quick comparisons later on
   * apt-pkg/pkgcache.cc:
     - assume sorted hashtable entries for groups/packages
   * apt-pkg/cacheiterators.h:
     - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
   * apt-pkg/deb/debversion.cc:
     - add a string-equal shortcut for equal version comparisons
 .
   [ Marc Deslauriers ]
   * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)

apt (0.9.7.9~exp2) experimental; urgency=low
 .
   [ Programs translations ]
   * Update all PO files and apt-all.pot
   * French translation completed (Christian Perrier)
 .
   [ Daniel Hartwig ]
   * cmdline/apt-get.cc:
     - do not have space between "-a" and option when cross building
       (closes: #703792)
   * test/integration/test-apt-get-download:
     - fix test now that #1098752 is fixed
   * po/{ca,cs,ru}.po:
     - fix merge artifact
 .
   [ David Kalnischkies ]
   * apt-pkg/indexcopy.cc:
     - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
   * apt-pkg/contrib/gpgv.cc:
     - ExecGPGV is a method which should never return, so mark it as such
       and fix the inconsistency of returning in error cases
     - don't close stdout/stderr if it is also the statusfd
     - if ExecGPGV deals with a clear-signed file it will split this file
       into data and signatures, pass it to gpgv for verification
     - add method to open (maybe) clearsigned files transparently
   * apt-pkg/acquire-item.cc:
     - keep the last good InRelease file around just as we do it with
       Release.gpg in case the new one we download isn't good for us
   * apt-pkg/deb/debmetaindex.cc:
     - reenable InRelease by default
   * ftparchive/writer.cc, apt-pkg/deb/debindexfile.cc,
     apt-pkg/deb/deblistparser.cc:
     - use OpenMaybeClearSignedFile to be free from detecting and
       skipping clearsigning metadata in dsc and Release files
 .
   [ Michael Vogt ]
   * add regression test for CVE-2013-1051
   * implement GPGSplit() based on the idea from Ansgar Burchardt
     (many thanks!)
   * methods/connect.cc:
     - use Errno() instead of strerror(), thanks to David Kalnischk
   * doc/apt.conf.5.xml:
     - document Acquire::ForceIPv{4,6}

apt (0.9.7.9~exp1) experimental; urgency=low
 .
   [ Niels Thykier ]
   * test/libapt/assert.h, test/libapt/run-tests:
     - exit with status 1 on test failure
 .
   [ Daniel Hartwig ]
   * test/integration/framework:
     - continue after test failure but preserve exit status
 .
   [ Programs translation updates ]
   * Turkish (Mert Dirik). Closes: #703526
 .
   [ Colin Watson ]
   * methods/connect.cc:
     - provide useful error message in case of EAI_SYSTEM
       (closes: #703603)
 .
   [ Michael Vogt ]
   * add new config options "Acquire::ForceIPv4" and
     "Acquire::ForceIPv6" to allow forcing one or the other
     (closes: #611891)
   * lp:~mvo/apt/fix-tagfile-hash:
     - fix false positives in pkgTagSection.Exists(), thanks to
       Niels Thykier for the testcase (closes: #703240)
     - this will require rebuilds of the clients as this used to
       be an inline function

assaultcube-data (1.1.0.4+repack1-2.1~deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * Rebuild for wheezy.
 .
   assaultcube-data (1.1.0.4+repack1-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix "fails to upgrade from squeeze - trying to overwrite
     /usr/share/man/man6/assaultcube-server.6.gz":
     Add versioned Breaks/Replaces on assaultcube.
     Thanks to Andreas Beckmann for the bug report and patch.
     (Closes: #706764)

base-files (7.1wheezy1) stable; urgency=low
 .
   * Changed /etc/debian_version to 7.1, for Debian 7.1 point release.
   * Dropped ".0" part from "7.0" in issue, issue.net and os-release,
     as wheezy is Debian 7, the point releases are 7.x, and we don't
     want to modify those files at every point release.

brltty (4.4-10+deb7u1) wheezy; urgency=low
 .
   * As discussed in bug Bug#705599, synchronize with finish-install on the
     method to enable accessibility in the installed system when accessibility
     was enabled in the installer.
   * Also enable sound events at gdm banner.

chromium-browser (27.0.1453.93-1~deb7u1) stable-security; urgency=high
 .
   * New stable release:
     - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek.
     - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to
       Christian Holler.
     - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of
       MWR InfoSecurity.
     - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of
       MWR InfoSecurity.
     - High CVE-2013-2841: Use-after-free in Pepper resource handling.
       Credit to Chamal de Silva.
     - High CVE-2013-2842: Use-after-free in widget handling. Credit to
       Cyril Cattiaux.
     - High CVE-2013-2843: Use-after-free in speech handling. Credit to
       Khalil Zhani.
     - High CVE-2013-2844: Use-after-free in style resolution. Credit to
       Sachin Shinde (@cons0ul).
     - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to
       Atte Kettunen of OUSPG.
     - High CVE-2013-2846: Use-after-free in media loader. Credit to
       Chamal de Silva.
     - High CVE-2013-2847: Use-after-free race condition with workers.
       Credit to Collin Payne.
     - Medium CVE-2013-2848: Possible data extraction with XSS Auditor.
       Credit to Egor Homakov.
     - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit
       to Mario Heiderich.

clutter-gst (1.5.4-1+build0) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * No-change sourceful upload to restore multiarch co-installability
     of libclutter-gst-1.0-0 by clearing binNMU state.

cyrus-imapd-2.4 (2.4.16-4+deb7u1) wheezy; urgency=high
 .
   * Fix links in the README.Debian and UPGRADE.Debian (courtesy of Gijs
     Hillenius)
   * When piping data to while loop the subshell is created and variables
     are lost (Closes: #706862)

cyrus-sasl2 (2.1.25.dfsg1-6+deb7u1) stable; urgency=low
 .
   * Fix heavy CPU usage in saslauthd (Closes: #708552)
   * Send LOGOUT before closing connection in auth_rimap (Closes: #708547)
   * Fix garbage in output buffer when using canonuser_plugin: ldapdb
     (Closes: #689346)

debian-history (2.19~deb7u1) stable; urgency=low
 .
   * Rebuild for Wheezy

debian-installer (20130613) wheezy; urgency=low
 .
   [ Samuel Thibault ]
   * Fix boot beep.
 .
   [ Cyril Brulebois ]
   * Enable proposed updates in debian/rules for the wheezy point releases.
   * Set DEBIAN_VERSION to just '7'.

debian-installer-netboot-images (20130613) wheezy; urgency=low
 .
   * Update to 20130613 images, from wheezy-proposed-updates.

debootstrap (1.0.48+deb7u1) wheezy; urgency=low
 .
   [ Joey Hess ]
   * Add support for jessie. Closes: #706788

dh-make-drupal (1.3-1+deb7u1) stable; urgency=low
 .
   * Drupal.org now requires requests to go over https. Thanks (again!)
     to Stefan Kangas for the patch. (Closes: #711010)

distro-info-data (0.16~deb7u1) stable; urgency=low
 .
   * Debian wheezy released. Update squeeze EOL and jessie opening dates.
   * Add Ubuntu 13.10, Saucy Salamander.
   * Update EOL dates of Ubuntu 8.04 LTS, 10.04 LTS, and 11.10 to 2013-05-09.
   * Ubuntu 13.04 "Raring Ringtail" will only be supported for 9 months.

distro-info-data (0.16~bpo70+1) wheezy-backports; urgency=low
 .
   * Rebuild for wheezy-backports.
 .
   distro-info-data (0.16) unstable; urgency=low
 .
   * Correct current Debian testing series from experimental to jessie.
   * Correct release date of Debian 7.0 "Wheezy".
 .
   distro-info-data (0.15) unstable; urgency=low
 .
   * Debian wheezy released. Update squeeze EOL.
 .
   distro-info-data (0.14) unstable; urgency=low
 .
   * Add Ubuntu 13.10, Saucy Salamander. Thanks Iain Lane.
 .
   distro-info-data (0.13) unstable; urgency=low
 .
   * Update EOL dates of Ubuntu 8.04 LTS, 10.04 LTS, and 11.10 to 2013-05-09.
 .
   distro-info-data (0.12) unstable; urgency=low
 .
   * Ubuntu 13.04 "Raring Ringtail" will only be supported for 9 months.
   * Switch to debhelper 9.
   * Bump Standards-Version to 3.9.4 (no changes needed).

distro-info-data (0.15) unstable; urgency=low
 .
   * Debian wheezy released. Update squeeze EOL.

distro-info-data (0.14) unstable; urgency=low
 .
   * Add Ubuntu 13.10, Saucy Salamander. Thanks Iain Lane.

distro-info-data (0.13) unstable; urgency=low
 .
   * Update EOL dates of Ubuntu 8.04 LTS, 10.04 LTS, and 11.10 to 2013-05-09.

distro-info-data (0.12) unstable; urgency=low
 .
   * Ubuntu 13.04 "Raring Ringtail" will only be supported for 9 months.
   * Switch to debhelper 9.
   * Bump Standards-Version to 3.9.4 (no changes needed).

empathy (3.4.2.3-2+deb7u1) stable; urgency=low
 .
   * gbp.conf: set branch to debian-wheezy
   * Backport patch from upstream 3.8 branch to avoid a crash now that
     Google Talk vCards can contain a (read-only) field, which is not
     flagged as supported in telepathy-gabble.
     (Closes: #706900)

freebsd-utils (9.0+ds1-11~deb7u1) stable; urgency=low
 .
   * Don't use --pidfile when starting/stopping daemons that don't
     create one:
     - Prevents trying to start nfsd, rpc.lockd, rpc.statd more than once
       (Closes: #700245)
     - Fixes a 30-second delay as each service is stopped
       (Closes: #700249)
   * Stop nfsd with the correct signal USR1, since it ignores TERM

gcc-msp430 (4.6.3~mspgcc-20120406-3+deb7u2) stable; urgency=high
 .
   * Fix generation of wrong interrupt table for MSP430FR5xxx targets,
     resulting in security fuse blown (Closes: #706482)

get-iplayer (2.82-2+deb7u1) stable; urgency=low
 .
   * bbc-swfurl.patch: Update SWF verification URL after changes by the BBC
     (Closes: #711538)

gitg (0.2.4-1.1+deb7u1) stable; urgency=low
 .
   * Replaced incorrect "ftbfs" patch to fix run-time crashes and
     drag'n'drop functionality (Closes: #705886, #674001).

gnome-settings-daemon (3.4.2+git20121218.7c1322-3+deb7u1) wheezy; urgency=low
 .
   [ Xiyue Deng ]
   * Backport from sid:
     - Disable "-Wl,-z,defs" on mipsel to fix segfault. (Closes: #629351)
 .
   [ Emilio Pozuelo Monfort ]
   * debian/patches/10_smaller_syndaemon_timeout.patch:
     + Update patch to not write out of the array bounds. Fixes a crash
       when the "Disable touchpad while typing" option is activated.
       Closes: #684998.

gnutls26 (2.12.20-7) wheezy-security; urgency=high
 .
   * [36_sanitycheck.diff] from upstream GIT.
     - Fix out of bounds data access. Closes: #709301

gpsd (3.6-4+deb7u1) wheezy; urgency=low
 .
   * [818fb0a6] Fixing two security bugs in gpsd
     - one triggered by malformed NMEA packets, making gpsd crash
     - the other one is a possible DOS in the AIS parser, CVE-2013-2038
     Thanks to Salvatore Bonaccorso (Closes: #706665)

isc-dhcp (4.2.2.dfsg.1-5+deb70u6) stable-proposed-updates; urgency=medium
 .
   * Set --with-ldapcrypto to restore openssl support (closes: #692808).

isc-dhcp (4.2.2.dfsg.1-5+deb70u5) testing-proposed-updates; urgency=medium
 .
   * Use patch instead of quilt for embedded bind patches.

isc-dhcp (4.2.2.dfsg.1-5+deb70u4) testing-proposed-updates; urgency=high
 .
   * Fix cve-2013-2494: issues with regular expression handling in the
     embedded bind library (closes: #704426).

isdnutils (1:3.25+dfsg1-3.3~deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * Rebuild for wheezy.

keystone (2012.1.1-13+wheezy1) wheezy-proposed-updates; urgency=low
 .
   * CVE-2013-2059: Keystone tokens not immediately invalidated when user is
     deleted [OSSA 2013-011]. Added backported to Essex patch which I picked-up
     from Launchpad. Thanks to the Canonical security team (Closes: #707598).

kfreebsd-9 (9.0-10+deb70.1) wheezy-security; urgency=high
 .
   * Upload for wheezy-security

lapack (3.4.1+dfsg-1+deb70u1) stable; urgency=low
 .
   * recursive.patch: fix some routines which produce incorrect results in
     multithreaded environment. Thanks to Michael Banck for the fix
     (Closes: #693269)

libdatetime-timezone-perl (1:1.58-1+2013c) stable-proposed-updates; urgency=low
 .
   * Update to version 2013c of the Olson database.

libdmx (1:1.1.2-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1992]

libfs (2:1.0.4-1+deb7u1) wheezy-security; urgency=high
 .
   * Sign extension issue and integer overflow in FSOpenServer()
     [CVE-2013-1996]

libiodbc2 (3.52.7-2+deb7u1) stable; urgency=low
 .
   * Find odbc drivers in a system dir (e.g.
     /usr/lib/x86_64-linux-gnu/odbc/). This fixes usability and
     co-installability with multiarch odbc drivers, see #703047 for
     odbc-postgresql.

libnss-myhostname (0.3-5~deb7u1) stable; urgency=low
 .
   * Ignore link-local addresses (Closes: #705900)

libpam-mklocaluser (0.8~deb7u1) wheezy; urgency=low
 .
   * Rewrite runcmd() to work with Python on Wheezy (Closes: #706753).

libquvi-scripts (0.4.15-1~deb7u1) wheezy; urgency=low
 .
   * Upload to wheezy.

libquvi-scripts (0.4.14-1) unstable; urgency=low
 .
   * New upstream release.
   * debian/copyright: Update for new upstream release.

libquvi-scripts (0.4.13-1) experimental; urgency=low
 .
   * New upstream release.

libquvi-scripts (0.4.12-1) experimental; urgency=low
 .
   * New upstream release.
   * debian/copyright: Update for new upstream release.

libquvi-scripts (0.4.11-1) experimental; urgency=low
 .
   * New upstream release.
   * debian/copyright: Update for new upstream release.

libquvi-scripts (0.4.10-1) experimental; urgency=low
 .
   * New upstream release.
   * Fix d/watch to allow xz|gz|bz2.
   * Add new entry to d/copyright (share/lua/website/tapuz.lua).
   * Remove d/patches. Upstream author include patch.

libreoffice (1:3.5.4+dfsg2-0+deb7u2) stable; urgency=low
 .
   * debian/rules:
     - work around possible failure install-common target with missing
       ca-XV .dirs/.install... (closes: #685723)
     - hack around broken "*" directory in debian/tmp/pkg on kfreebsd-*
       extremely slowing down the install target...

libreoffice (1:3.5.4+dfsg2-0+deb7u1) stable; urgency=low
 .
   * src/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip: remove
     lib/servlet.jar..
 .
   * debian/patches/fix-view-option.diff: backport fix to fix --view from
     libreoffice-3-6 (closes: #697723)
   * debian/patches/odk-link-to-jdk-1.5-docs.diff: link to
     http://java.sun.com/j2se/1.5/docs/api instead of /1.4.1/ as the former
     doesn't exist anymore
   * debian/patches/oosplash-wait-for-ProcessingDone.diff: backport from 3.6;
     make oosplash wait for InternalIPC::ProcessingDone (closes: #681185)
 .
   * debian/control.in:
     - remove bogus | python3-uno dependency alternatives. Will properly be
       back with LO 4.0 which supports python3

libvirt (0.9.12-11+deb7u1) wheezy-proposed-updates; urgency=low
 .
   [ Guido Günther ]
   * [af660e5] Allow xen toolstack to find its binaries. Thanks to George
     Dunlap for the patch. (Closes: #685749)
 .
   [ Luca Tettamanti ]
   * [90d8287] Fix leak in virStorageBackendLogicalMakeVol (Closes: #705205)

libx11 (2:1.5.0-1+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2013-1981: integer overflows calculating memory needs for replies
   * CVE-2013-1997: buffer overflows due to not validating length or offset
     values in replies
   * CVE-2013-2004: unbounded recursion parsing user-specified files
     (closes: #145048)

libxcb (1.8.1-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in read_packet() [CVE-2013-2064]

libxcursor (1:1.1.13-1+deb7u1) wheezy-security; urgency=high
 .
   * signedness bug & integer overflow in _XcursorFileHeaderCreate()
     [CVE-2013-2003]

libxext (2:1.3.1-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1982]

libxfixes (1:5.0-4+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in XFixesGetCursorImage() [CVE-2013-1983]

libxi (2:1.6.1-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1984]
   * sign extension issue in XListInputDevices() [CVE-2013-1995]
   * buffer overflows due to not validating length or offset values in
     replies [CVE-2013-1998]

libxinerama (2:1.1.2-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in XineramaQueryScreens() [CVE-2013-1985]

libxp (1:1.0.1-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-2062]

libxrandr (2:1.3.2-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1986]

libxrender (1:0.9.7-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1987]

libxres (2:1.0.6-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1988]

libxt (1:1.1.3-1+deb7u1) wheezy-security; urgency=high
 .
   * Unchecked return values of XGetWindowProperty [CVE-2013-2005]
   * unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]

libxtst (2:1.2.1-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in XRecordGetContext() [CVE-2013-2063]

libxv (2:1.0.7-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1989]
   * buffer overflow in XvQueryPortAttributes() [CVE-2013-2066]

libxvmc (2:1.0.7-1+deb7u2) wheezy-security; urgency=high
 .
   * Fix regression in CVE-2013-1999 fix. Thanks to Dave Airlie and Al Viro.

libxvmc (2:1.0.7-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1990]
   * Multiple unvalidated assumptions in XvMCGetDRInfo() [CVE-2013-1999]

libxxf86dga (2:1.1.3-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1991]
   * buffer overflows due to not validating length or offset values in
     replies [CVE-2013-2000]

libxxf86vm (1:1.1.2-1+deb7u1) wheezy-security; urgency=high
 .
   * When Xcalloc() returns NULL, you don't need to Xfree() it
   * Improve error handling in XF86VidModeGetMonitor()
   * Unlock display before returning alloc error in
     XF86VidModeGetModeLine(), XF86VidModeGetAllModeLines(),
     XF86VidModeGetDotClocks()
   * memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
   * avoid integer overflow in XF86VidModeGetModeLine()

linux (3.2.46-1) wheezy; urgency=low
 .
   * New upstream stable update:
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.42
     - TTY: do not reset master's packet mode
     - l2tp: Restore socket refcount when sendmsg succeeds
     - tun: add a missing nf_reset() in tun_net_xmit()
     - netlabel: correctly list all the static label mappings
     - sctp: Use correct sideffect command in duplicate cookie handling
     - rtlwifi: rtl8192cu: Fix problem that prevents reassociation
       (Closes: #661860)
     - inet: limit length of fragment queue hash table bucket lists
     - sfc: Properly sync RX DMA buffer when it is not the last in the page
     - sfc: Fix efx_rx_buf_offset() in the presence of swiotlb
     - sfc: Only use TX push if a single descriptor is to be written
     - ext4: fix the wrong number of the allocated blocks in
       ext4_split_extent()
     - jbd2: fix use after free in jbd2_journal_dirty_metadata()
     - ext4: convert number of blocks to clusters properly
     - ext4: use atomic64_t for the per-flexbg free_clusters count
     - cifs: delay super block destruction until all cifsFileInfo objects
       are gone
     - USB: xhci: correctly enable interrupts (possibly fix for #703470)
     - [amd64] Fix the failure case in copy_user_handle_tail()
     - dm thin: fix discard corruption
     - USB: serial: fix interface refcounting
     - vfs,proc: guarantee unique inodes in /proc
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.43
     - [armhf/mx5] ASoC: imx-ssi: Fix occasional AC97 reset failure
     - rtlwifi: usb: add missing freeing of skbuff
     - xen-blkback: fix dispatch_rw_block_io() error path
     - net/irda: add missing error path release_sock call
     - sysfs: fix race between readdir and lseek
     - sysfs: handle failure path correctly for readdir()
     - NFSv4.1: Fix a race in pNFS layoutcommit
     - usb: xhci: Fix TRB transfer length macro used for Event TRB.
     - nfsd4: reject "negative" acl lengths
     - Nest rename_lock inside vfsmount_lock
     - [x86] iommu/amd: Make sure dma_ops are set for hotplug devices
     - b43: A fix for DMA transmission sequence errors
     - reiserfs: Fix warning and inode leak when deleting inode with xattrs
     - virtio: console: add locking around c_ovq operations
     - mm: prevent mmap_cache race in find_vma()
     - ixgbe: fix registration order of driver and DCA nofitication
     - key: Fix resource leak
     - udf: Fix bitmap overflow on large filesystems with small block size
     - NFS: nfs_getaclargs.acl_len is a size_t
     - loop: prevent bdev freeing while device in use
     - sky2: Threshold for Pause Packet is set wrong
     - 8021q: fix a potential use-after-free
     - unix: fix a race condition in unix_release()
     - atl1e: drop pci-msi support because of packet corruption
       (possibly fixes: #577747)
     - ipv6: don't accept multicast traffic with scope 0
     - ipv6: don't accept node local multicast traffic from the wire
     - pch_gbe: fix ip_summed checksum reporting on rx
     - HID: microsoft: do not use compound literal (fixes FTBFS on m68k)
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.44
     - USB: serial: fix use-after-free in TIOCMIWAIT
     - hrtimer: Don't reinitialize a cpu_base lock on CPU_UP
     - crypto: gcm - fix assumption that assoc has one segment
     - sched_clock: Prevent 64bit inatomicity on 32bit systems
     - can: gw: use kmem_cache_free() instead of kfree()
     - spinlocks and preemption points need to be at least compiler barriers
     - [x86] mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
     - Btrfs: make sure nbytes are right after log replay
     - kobject: fix kset_find_obj() race with concurrent last kobject_put()
     - vfs: Revert spurious fix to spinning prevention in prune_icache_sb
     - ath9k_htc: accept 1.x firmware newer than 1.3
     - [armel] Fix kexec by setting outer_cache.inv_all for Feroceon
     - hugetlbfs: add swap entry check in follow_hugetlb_page()
     - writeback: fix dirtied pages accounting on redirty
     - Btrfs: fix race between mmap writes and
       compression
     - mtd: Disable mtdchar mmap on MMU systems
     - fbcon: fix locking harder (Closes: #704933)
     - hfsplus: fix potential overflow in hfsplus_file_truncate()
     - sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.45
     - [ia64] Wrong asm register contraints in the futex implementation
       (Closes: #702641)
     - [ia64] Wrong asm register contraints in the kvm implementation
       (Closes: #702639)
     - [ia64] Fix initialization of CMCI/CMCP interrupts
     - sysfs: fix use after free in case of concurrent read/write and readdir
     - nfsd: don't run get_file if nfs4_preprocess_stateid_op return error
     - ext4/jbd2: don't wait (forever) for stale tid caused by wraparound
     - jbd2: fix race between jbd2_journal_remove_checkpoint and
       ->j_commit_callback
     - hrtimer: Fix ktime_add_ns() overflow on 32bit architectures
     - nfsd4: don't close read-write opens too soon
     - wireless: regulatory: fix channel disabling race condition
     - iwlwifi: dvm: don't send zeroed LQ cmd
     - powerpc/spufs: Initialise inode->i_ino in spufs_new_inode()
       (possibly fixes: #707175)
     - clockevents: Set dummy handler on CPU_DEAD shutdown (Closes: #700333)
     - powerpc: Add isync to copy_and_flush
     - fs/fscache/stats.c: fix memory leak
     - md: bad block list should default to disabled.
       (fixes regression in 3.1)
     - inotify: invalid mask should return a error number but not set it
       (fixes regression in 3.2.40)
     - fs/dcache.c: add cond_resched() to shrink_dcache_parent()
     - perf: Fix error return code
     - [x86] perf: Fix offcore_rsp valid mask for SNB/IVB (CVE-2013-2146)
     - vm: Introduce and use vm_iomap_memory() helper function
     - atl1e: limit gso segment size to prevent generation of wrong ip
       length fields (Closes: #565404)
     - netfilter: don't reset nf_trace in nf_reset()
     - rtnetlink: Call nlmsg_parse() with correct header length
     - tcp: incoming connections might use wrong route under synflood
     - esp4: fix error return code in esp_output()
     - net: sctp: sctp_auth_key_put: use kzfree instead of kfree
     - netrom: fix info leak via msg_name in nr_recvmsg()
     - netrom: fix invalid use of sizeof in nr_recvmsg()
     - net: drop dst before queueing fragments
     - [sparc] sparc64: Fix race in TLB batch processing.
     - r8169: fix 8168evl frame padding.
     - ixgbe: add missing rtnl_lock in PM resume path
     - kernel/audit_tree.c: tree will leak memory when failure occurs in
       audit_trim_trees()
     - r8169: fix vlan tag read ordering.
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.46
     - nfsd4: don't allow owner override on 4.1 CLAIM_FH opens
     - ext4: limit group search loop for non-extent files
     - iscsi-target: Fix processing of OOO commands
     - cifs: only set ops for inodes in I_NEW state
     - KVM: VMX: fix halt emulation while emulating invalid guest sate
     - [armel/kirkwood] Enable PCIe port 1 on QNAP TS-11x/TS-21x
     - drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory
       overflow
     - ipmi: ipmi_devintf: compat_ioctl method fails to take ipmi_mutex
     - btrfs: don't stop searching after encountering the wrong item
     - TTY: Fix tty miss restart after we turn off flow-control
       (Closes: #465823)
     - SUNRPC: Prevent an rpc_task wakeup race
     - fat: fix possible overflow for fat_clusters
     - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU
     - mm compaction: fix of improper cache flush in migration code
     - mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer
     - nilfs2: fix issue of nilfs_set_page_dirty() for page at EOF boundary
     - random: fix accounting race condition with lockless irq entropy_count
       update
     - mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas
     - ipvs: ip_vs_sip_fill_param() BUG: bad check of return value
     - x86,efi: Check max_size only if it is non-zero.
     - x86,efi: Implement efi_no_storage_paranoia parameter
     - tcp: force a dst refcount when prequeue packet
     - packet: tpacket_v3: do not trigger bug() on wrong header status
     - macvlan: fix passthru mode race between dev removal and rx path
     - ipv6: do not clear pinet6 field
 .
   [ Ben Hutchings ]
   * Input: MT: add tracking and frame synchronisation to core
   * Input: add support for Cypress PS/2 Trackpads (Closes: #703607),
     thanks to Apollon Oikonomopoulos
   * drm, agp: Update to 3.4.47:
     - drm/i915: restrict kernel address leak in debugfs
     - KMS: fix EDID detailed timing vsync parsing
     - KMS: fix EDID detailed timing frame rate
     - drm/radeon: add support for Richland APUs
     - drm/radeon/benchmark: make sure bo blit copy exists before using it
     - drm/i915: Don't clobber crtc->fb when queue_flip fails
     - drm/i915: Use the correct size of the GTT for placing the per-process
       entries
     - udl: handle EDID failure properly.
     - drm/i915: Add no-lvds quirk for Fujitsu Esprimo Q900
     - drm/i915: Fall back to bit banging mode for DVO transmitter detection
     - drm/radeon: don't use get_engine_clock() on APUs
     - drm/radeon/dce6: add missing display reg for tiling setup
     - drm/radeon: properly lock disp in mc_stop/resume for evergreen+
     - drm/radeon: disable the crtcs in mc_stop (evergreen+) (v2)
     - drm/radeon/evergreen+: don't enable HPD interrupts on eDP/LVDS
     - drm/radeon: fix endian bugs in atom_allocate_fb_scratch()
     - drm/radeon: fix possible segfault when parsing pm tables
     - drm/radeon: add new richland pci ids
     - drm/radeon: fix handling of v6 power tables
     - drm/radeon: Fix VRAM size calculation for VRAM >= 4GB
     - drm/radeon: check incoming cliprects pointer
     - drm/mm: fix dump table BUG
   * [rt] Update to 3.2.45-rt66:
     - rcutiny: Fix typo of using swake_up() instead of swait_wake()
     - tcp: force a dst refcount when prequeue packet
     - x86/mce: Defer mce wakeups to threads for PREEMPT_RT
     - swap: Use unique local lock name for swap_lock
     - sched: Add is_idle_task() to handle invalidated uses of idle_cpu()
   * debugfs: Document change of default mode
   * iwlwifi: Do not request firmware API version 6 for IWL6005/6205
     (Closes: #705655)
   * bug script: Remove broken sound functions (Closes: #705619)
   * [i386/486] udeb: Add lxfb to fb-modules (Closes: #705780)
   * [i386] cpufreq / Longhaul:
     Disable driver by default (Closes: #707047)
   * iscsi-target: fix heap buffer overflow on error (CVE-2013-2850)
   * ath9k: Disable PowerSave by default (Closes: #695968)
   * dlm: Do not allocate a fd for peeloff (Closes: #706010)
   * nfsd4: Fix performance problem with RELEASE_LOCKOWNER (Closes: #699361)
     - hash lockowners to simplify RELEASE_LOCKOWNER
     - maintain one seqid stream per (lockowner, file)
   * ipw2100,ipw2200: Fix order of device registration (Closes: #656813)
   * udf: Fix handling of i_blocks (Closes: #704269)
   * kbuild: Fix missing '\n' for NEW symbols in
     yes "" | make oldconfig >conf.new (Closes: #636029)
   * [i386] udeb: Add viafb to fb-modules (Closes: #705788)
     - [i386] udeb: Move i2c-algo-bit to i2c-modules and make fb-modules
       depend on it
     - viafb: Autoload on OLPC XO 1.5 only
   * cifs: fix potential buffer overrun when composing a new options string
 .
   [ Jonathan Nieder ]
   * ext3,ext4,nfsd: dir_index: Return 64-bit readdir cookies for NFSv3 and 4
     (Closes: #685407)

linux (3.2.41-2+deb7u2) wheezy-security; urgency=high
 .
   * s390/kvm: Ignore ABI changes, it should not be used OOT

linux (3.2.41-2+deb7u2~bpo60+1) squeeze-backports; urgency=high
 .
   * Rebuild for squeeze:
     - Use gcc-4.4 for all architectures
     - Disable building of udebs
     - Change ABI number to 0.bpo.4
     - Monkey-patch Python collections module to add OrderedDict if necessary
     - [armel] Disable CRYPTO_FIPS, VGA_ARB, FTRACE on iop32x and ixp4xx to
       reduce kernel size (as suggested by Arnaud Patard)
     - Use QUILT_PATCH_OPTS instead of missing quilt patch --fuzz option
     - Make build target depend on build-arch only, so we don't redundantly
       build documentation on each architecture
 .
   linux (3.2.41-2+deb7u2) wheezy-security; urgency=high
 .
   * s390/kvm: Ignore ABI changes, it should not be used OOT
 .
   linux (3.2.41-2+deb7u1) wheezy-security; urgency=high
 .
   [ dann frazier ]
   * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
   * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
   * ext4: avoid hang when mounting non-journal filesystems with orphan list
     (CVE-2013-2015)
   * crypto: algif - suppress sending source address information in recvmsg
     (CVE-2013-3076)
   * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
   * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
   * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
   * Bluetooth: RFCOMM - Fix missing msg_namelen update in
     rfcomm_sock_recvmsg() (CVE-2013-3225)
   * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
     (CVE-2013-3227)
   * irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
     (CVE-2013-3228)
   * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
     (CVE-2013-3229)
   * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
   * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
   * tipc: fix info leaks via msg_name in recv_msg/recv_stream
     (CVE-2013-3235)
   * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
 .
   [ Ben Hutchings ]
   * [x86] KVM: Allow cross page reads and writes from cached translations.
     (fixes regression in fix for CVE-2013-1796)
   * net: fix incorrect credentials passing (CVE-2013-1979)
   * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
   * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

linux (3.2.41-2+deb7u1) wheezy-security; urgency=high
 .
   [ dann frazier ]
   * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
   * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
   * ext4: avoid hang when mounting non-journal filesystems with orphan list
     (CVE-2013-2015)
   * crypto: algif - suppress sending source address information in recvmsg
     (CVE-2013-3076)
   * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
   * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
   * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
   * Bluetooth: RFCOMM - Fix missing msg_namelen update in
     rfcomm_sock_recvmsg() (CVE-2013-3225)
   * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
     (CVE-2013-3227)
   * irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
     (CVE-2013-3228)
   * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
     (CVE-2013-3229)
   * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
   * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
   * tipc: fix info leaks via msg_name in recv_msg/recv_stream
     (CVE-2013-3235)
   * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
 .
   [ Ben Hutchings ]
   * [x86] KVM: Allow cross page reads and writes from cached translations.
     (fixes regression in fix for CVE-2013-1796)
   * net: fix incorrect credentials passing (CVE-2013-1979)
   * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
   * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

lsb (4.1+Debian8+deb7u1) stable; urgency=low
 .
   * Fix lsb_release to correctly work with stable release updates
     incrementing the second digit from Wheezy on. (Closes: #711174)
   * Add jessie to the release codenames lookup table

mesa (8.0.5-4+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1993]

modsecurity-apache (2.6.6-6+deb7u1) wheezy; urgency=low
 .
   * Applied upstream patch to fix NULL pointer dereference. CVE-2013-2765.
     (Closes: #710217)

mozc (1.5.1090.102-4+deb7u1) stable; urgency=low
 .
   * Fix connect error to mozc-server if it is root using uim-mozc.
     Add patches/fix-root-issue-at-uim.patch. (Closes: #708608)
   * Update debian/rules.
     Fix install path of mo file for fcitx-mozc. (Closes: #705573)
   * Update debian/control.
     Add mozc-data to tegaki-zinnia-japanese to Depends of fcitx-mozc.
     Add mozc-utils-gui to Recommends of fcitx-mozc. (Closes: #705572)
   * Remove debian/fcitx-mozc.install.
     This became unnecessary by other fixes.

munin (2.0.6-4+deb7u1) wheezy; urgency=low
 .
   * master:
     - on limit checks, if one of the two values is 'U', make the final
       value 'U' as well. Cherry-picked 9d84cb3 as 764006e.
       (Closes: #711201)
     - fix limit for ABSOLUTE checks too. Cherry-picked 334b691 as 1e44056.
     - add ":" to the allowed chars in CGI. Cherry-picked 456e117 as
       7d3cb5f. (Closes: #710527)
     - fixes for munin-cgi-graph crashes in trend and predict.
       Cherry-picked f325fd6 as 5cb74ba.
   * plugins/df: ignore devtmpfs. Cherry picked from 2.0.16-2.
     (Closes: #710899)
   * asyncd: use the same rules as munin-update. Cherry-picked d4ba06b as
     87975d0. (Closes: #710529)

mysql-5.5 (5.5.31+dfsg-0+wheezy1) stable-security; urgency=high
 .
   * New upstream release. SECURITY UPDATE: CVE-2013-2375 CVE-2013-1544
     CVE-2013-1532 CVE-2013-2389 CVE-2013-2392 CVE-2013-2376 CVE-2013-1511
     CVE-2013-2391 CVE-2013-1502
     - Patches refreshed.
     - d/p/yassl.patch - dropped, applied upstream
     - d/p/debian-mdev382-fixup.patch: dropped, fixed upstream.
   * d/control: Updating Vcs-* fields to point at wheezy branch.

nbd (1:3.2-4~deb7u3) stable; urgency=low
 .
   * Clean build directory of unnecessary cruft, and rebuild. Oops.

nbd (1:3.2-4~deb7u2) stable; urgency=low
 .
   * Remove superfluous 'ulimit -c' calls from simple_test script, so that
     things will build on buildd machines that have hard limits set for
     those things, like the mips{,el} buildds.

nbd (1:3.2-4~deb7u1) stable; urgency=low
 .
   * Re-upload to Wheezy.
 .
   nbd (1:3.2-4) unstable; urgency=low
 .
   * Unbreak 'nbd-client -l' behaviour; patch by Rogier . Closes: #699374.
     Why oh why did I forget that with the previous upload? Oh well.
 .
   nbd (1:3.2-3) unstable; urgency=low
 .
   * Fix handling of NBD_NAME variable in nbd-client initscript. Patch by
     Rogier . Closes: #699372.
   * Steal stability fixes from git head:
     - fix for handling of zero-sized read request
     - fix for integer output format string
     - fix for 64-bit offset wrapover.
     - remove double cast which results in data loss
   * Change Standards-Version: to 3.9.4. The only change relevant to nbd is
     the /run transition, but as we were already compliant with that since
     1:2.9.23-3, nothing relevant is left.

nbd (1:3.2-3) unstable; urgency=low
 .
   * Fix handling of NBD_NAME variable in nbd-client initscript. Patch by
     Rogier . Closes: #699372.
   * Steal stability fixes from git head:
     - fix for handling of zero-sized read request
     - fix for integer output format string
     - fix for 64-bit offset wrapover.
     - remove double cast which results in data loss
   * Change Standards-Version: to 3.9.4. The only change relevant to nbd is
     the /run transition, but as we were already compliant with that since
     1:2.9.23-3, nothing relevant is left.

nfs-utils (1:1.2.6-4) stable; urgency=low
 .
   * mountd: auth_unix_ip should downcall on error to prevent hangs
     (Closes: #682709).
   * Avoid DNS reverse resolution fixes CVE-2013-1923 (Closes: #707401).
   * Set default domain (Closes: #675188).
   * Fix getopt handling for -R option (Closes: #707720).

nvidia-graphics-drivers (304.88-1+deb7u1) wheezy; urgency=low
 .
   * Update lintian overrides.
   * libcuda1: Add missing Depends: nvidia-support. Postinst may fail if
     nvidia-support is unpacked, but not configured. (Closes: #675430)

octave (3.6.2-5+deb7u1) stable; urgency=low
 .
   * rcond.patch: new patch taken from upstream, fixes rcond function

openblas (0.1.1-6+deb7u2) stable; urgency=low
 .
   * power7.patch: new patch, fixes FTBFS on powerpc machines with Power7
     arch

openblas (0.1.1-6+deb7u1) stable; urgency=low
 .
   * sgemv_uninitialized_buffer.diff: new patch taken from upstream, ensures
     that vectorized sgemv does not use uninitialized data (Closes: #696000)
   * dot_uninitialized_buffer.diff: new patch taken from upstream, ensures
     that vectorized dot does not use uninitialized data
   * gemv_crash_big_data.diff: new patch taken from upstream, fixes crashes
     of gemv on big input data (Closes: #697231)
   * 32bit_athlon.diff: new patch taken from upstream, fixes crashes on
     32-bit Athlon CPUs (Closes: #697233)

openvpn (2.2.1-8+deb7u1) wheezy; urgency=low
 .
   * Applied upstream patch to fix use of non-constant-time memcmp in HMAC
     comparison. CVE-2013-2061. (Closes: #707329)

otrs2 (3.1.7+dfsg1-8+deb7u1) stable-security; urgency=high
 .
   * Add patch 32-CVE-2013-3551 which fixes CVE-2013-3551, also known as
     OSA-2013-03: An attacker with a valid agent login could manipulate URLs
     in the ticket split mechanism to see contents of tickets they are not
     permitted to see.

pcsc-lite (1.8.4-1+deb7u1) wheezy; urgency=low
 .
   * Fix "failed upgrade squeeze -> wheezy" by removing addgroup call
     (Closes: #707756)
     The pcscd group was introduced in pcsc-lite 1.6.0 and is no longer used
     since pcsc-lite 1.8.0
   * Correctly check systemd is running (backport from change in 1.8.8-3)
   * debian/patches/{readerfactory,winscard_clnt}: two important fixes from
     upstream newer versions.

php5 (5.4.4-14+deb7u2) stable; urgency=low
 .
   * Fix $_SERVER[REQUEST_TIME] in filter SAPI (Closes: #709023)
   * Make the Breaks on php5-suhosin versioned to allow suhosin backports
     when there's a new upstream version (Acked by suhosin maintainer)

php5 (5.4.4-14+deb7u1) stable; urgency=low
 .
   * Pull upstream fix for FPM drops connection while receiving some binary
     values in FastCGI requests (Closes: #703056)
   * Fix crash in garbage collection (patch courtesy of Michal Cihar)
     (Closes: #706082)
   * Update libmagic detection of MS Office documents (Closes: #703504)
   * Fix mssql connector to work with Azure SQL (Closes: #702079)
   * [CVE-2013-1824]: CVE-2013-1643 was incomplete fix; this pulls full
     upstream patch (5.4.4-14 already had all the relevant security parts)

pristine-tar (1.25+deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload with maintainer approval.
   * pristine-xz: Update list of allowed parameters for wheezy to support
     files created with newer versions (in jessie and sid). Closes: #707820

profnet (1.0.21-1+wheezy1) stable-proposed-updates; urgency=low
 .
   * Fixed Fortran runtime error (Actual string length is shorter than the
     declared one for dummy argument) in profnet-isis with a new quilt
     patch. (Closes: #707874)
   * Fixed Debian build issue: now builds twice in a row.

psqlodbc (1:09.01.0100-1+deb7u1) stable; urgency=low
 .
   * Versioned Breaks: libiodbc2 (<= 3.52.7-2), it is multiarch-aware now.
     (Fixes co-installability with KDE, Closes: #703047.)
   * Move packaging to git.debian.org.

py3dns (3.0.2-1+deb7u1) wheezy; urgency=low
 .
   * Revert AAAA query result type change and return raw bytes instead of
     string (LP: #1184367)

readline5 (5.2+dfsg-2~deb7u1) wheezy; urgency=low
 .
   * QA upload.
   * Rebuild for wheezy. (Closes: #670028)

request-tracker4 (4.0.7-5+deb7u2) wheezy-security; urgency=high
 .
   * Correct dbconfig upgrade script versioning
   * Add logging fix for previous security fix patchset
 .
   request-tracker4 (4.0.7-5+deb7u1) wheezy-security; urgency=high
 .
   * Multiple security fixes for:
     - Privileged user escalation (CVE-2012-4733)
     - Semi-predictable temporary file names (CVE-2013-3368)
     - Arbitrary Mason component execution (CVE-2013-3369)
     - Direct execution of private callback components (CVE-2013-3370)
     - XSS via attachment filenames and URLs in messages (CVE-2013-3371)
     - XSS via Content-Disposition header (CVE-2013-3372)
     - MIME header injection (CVE-2013-3373)
     - Limited session reuse when using Apache::Session::File
       (CVE-2013-3374)
   * Include database upgrade (dbconfig-common and NEWS)

request-tracker4 (4.0.7-5+deb7u2~bpo60+1) squeeze-backports; urgency=high
 .
   * Rebuild for squeeze-backports.
   * Drop versioned depends on liburi-perl as it's not available in squeeze
     (and libplack-perl in bpo depends on an earlier version); this means
     that upstream #18104 (missing tickets in dashboard emails) is still
     unfixed
   * Drop versioned depends on libipc-run-perl as it's not available at the
     required version in squeeze-bpo; this means that upstream #19802
     (drawing graphs of relationships with UTF-8 strings) is still unfixed
 .
   request-tracker4 (4.0.7-5+deb7u2) wheezy-security; urgency=high
 .
   * Correct dbconfig upgrade script versioning
   * Add logging fix for previous security fix patchset
 .
   request-tracker4 (4.0.7-5+deb7u1) wheezy-security; urgency=high
 .
   * Multiple security fixes for:
     - Privileged user escalation (CVE-2012-4733)
     - Semi-predictable temporary file names (CVE-2013-3368)
     - Arbitrary Mason component execution (CVE-2013-3369)
     - Direct execution of private callback components (CVE-2013-3370)
     - XSS via attachment filenames and URLs in messages (CVE-2013-3371)
     - XSS via Content-Disposition header (CVE-2013-3372)
     - MIME header injection (CVE-2013-3373)
     - Limited session reuse when using Apache::Session::File
       (CVE-2013-3374)
   * Include database upgrade (dbconfig-common and NEWS)

rhash (1.2.9-8+deb7u1) stable; urgency=medium
 .
   * Backported two critical bug fixes from RHash 1.2.10
     - fix incorrect SHA-512 for messages of certain size
     - fix incorrect GOST hash on non-x86/amd64 CPUs

ruby-tmail (1.2.7.1-3+deb7u1) stable; urgency=low
 .
   * Add debian/patches/0004-fix-parsing-of-unquoted-attachment-filenames.patch:
     restore proper parsing of unquoted attachment filenames.
     (Closes: #706117)

schleuder (2.2.1-2+deb7u1) stable; urgency=low
 .
   * Update feature-switch-to-gpgme-2.patch to fix -sendkey.
     (Closes: #705865)
   * Update patches to fix issues with plugin directories with the default
     configuration. (Closes: #705876)
   * Cherry-pick two upstream patches to fix member listing in 'manage
     members' plugin. (Closes: #705877)

sl-modem (2.9.11~20110321-8+deb7u1) wheezy; urgency=low
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload with maintainer approval.
 .
   [ ﺄﺤﻣﺩ ﺎﻠﻤﺤﻣﻭﺪﻳ (Ahmed El-Mahmoudy) ]
   * debian/sl-modem-source.prerm: Add dummy empty prerm script to work
     around upgrade failures from squeeze. Thanks to Andreas Beckmann
     (Closes: #707821)
   * debian/sl-modem-source.lintian-overrides: Added lintian override for
     sl-modem-source's dummy empty prerm script

smcroute (0.95-1+deb7u1) stable; urgency=low
 .
   * Fix a NULL pointer dereferencing in interface vector initialization
     (closes: #707793, LP: #1043688).

spip (2.1.17-1+deb7u1) wheezy-security; urgency=high
 .
   * Update security screen to 1.1.7, prevent abusive inscription.
   * Backport patch from 2.1.21:
     - fix privilege escalation (Closes: #709674).

subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-1968.patch patch.
     CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
     characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch.
     CVE-2013-2112: Fix remotely triggerable DoS vulnerability.
     (Closes: #711033)

systemtap (1.7-1+deb7u1) stable; urgency=low
 .
   * Backport upstream commit c5f7c84bf1dcc515 (PR14245: support
     /sys/kernel/debug mounted 0700) to cope with new debugfs permissions
     introduced by linux 3.2.29-1 (Closes: #706817):
     - PR14245-support-sys-kernel-debug-mounted-0700.patch

tasksel (3.14.1) stable; urgency=low
 .
   * Fix broken test for non-desktop systems which caused the ssh server
     task to be selected by default on systems with a desktop.

telepathy-gabble (0.16.5-1+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2013-1431: respect the require-encryption flag on legacy Jabber
     servers. This flag is on by default: to connect to legacy Jabber
     servers, either disable "Encryption required (TLS/SSL)" or enable "Use
     old SSL".

tzdata (2013c-0wheezy1) stable; urgency=low
 .
   * New upstream version.

tzdata (2013c-0squeeze1) oldstable; urgency=low
 .
   * New upstream version.

user-mode-linux (3.2-2um-1+deb7u1) wheezy-security; urgency=high
 .
   * Rebuild against linux-source-3.2 (3.2.41-2+deb7u2):
     * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
     * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
     * ext4: avoid hang when mounting non-journal filesystems with orphan
       list (CVE-2013-2015)
     * crypto: algif - suppress sending source address information in
       recvmsg (CVE-2013-3076)
     * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
     * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
     * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
     * Bluetooth: RFCOMM - Fix missing msg_namelen update in
       rfcomm_sock_recvmsg() (CVE-2013-3225)
     * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
       (CVE-2013-3227)
     * irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
       (CVE-2013-3228)
     * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
       (CVE-2013-3229)
     * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
     * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
     * tipc: fix info leaks via msg_name in recv_msg/recv_stream
       (CVE-2013-3235)
     * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
     * [x86] KVM: Allow cross page reads and writes from cached
       translations. (fixes regression in fix for CVE-2013-1796)
     * net: fix incorrect credentials passing (CVE-2013-1979)
     * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
     * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

wdm (1.28-13+deb7u1) stable; urgency=low
 .
   * QA upload.
   * wdm.pam: Ignore pam_selinux.so failures when the module does not exist
     (e.g. on architectures without SE Linux support like non-linux) instead
     of requiring it. Thanks Laurent Bigonville for bug report and proposed
     change (Closes: #707231).

win32-loader (0.7.4.7+deb7u1) stable; urgency=low
 .
   * Post-Wheezy release rebuild to update the embedded dependencies.

xen (4.1.4-3+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Bastian Blank ]
   * Make several long running operations preemptible. CVE-2013-1918
   * Fix source validation for VT-d interrupt remapping. CVE-2013-1952

xorg (1:7.7+3~deb7u1) wheezy; urgency=low
 .
   * Reupload to stable.
 .
   xorg (1:7.7+3) unstable; urgency=low
 .
   * Add xserver-xorg-input-vmmouse to -all on i386 and amd64
     (closes: #705637). Thanks, Jakob Bornecrantz!

xserver-xorg-video-openchrome (1:0.2.906-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1994]

=========================================
Sat, 04 May 2013 - Debian 7.0 released
=========================================