Read more here

Read more here

Read more here

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away 7 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won’t have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

Miscellaneous Bugfixes
———————-

This stable update adds a few important corrections to the following
packages:

Package Reason
alsa-base Correctly use /etc/default/alsa-base for
configuration, rather than /etc/default/alsa
apt Do not propagate negative scores from
rdepends; properly handle if-modified-since
with libcurl/https
assaultcube-data Fix updates from squeeze; add missing Breaks/
Replaces
base-files Update for the point release
brltty Ensure accessibility is enabled on the
installed system if it was enabled in the
installer; enable sound events at gdm banner
clutter-gst Restore multiarch co-installability
cyrus-imapd-2.4 Fix dataloss during upgrades and links in
documentation
cyrus-sasl2 Fix heavy CPU usage in saslauthd; send LOGOUT
before closing connection in auth_rimap; fix
garbage in output buffer when using
canonuser_plugin: ldapdb
debian-history Updates for the wheezy release
debian-installer Set version to “7″; enable building against
proposed-updates
debootstrap Add support for jessie
dh-make-drupal Use HTTPS for connections to drupal.org
Update Debian data for the wheezy release;
distro-info-data update Ubuntu data to add saucy and correct
some dates
empathy Handle readonly URL field in Google Talk
vCards
freebsd-utils Don’t use –pidfile when starting/stopping
daemons that don’t create one; stop nfsd with
the correct signal
gcc-msp430 Fix generation of wrong interrupt table for
MSP430FR5xxx targets, resulting in blown
security fuses
get-iplayer Update SWF verification URL after changes by
the BBC
gitg Fix run-time crashes and drag’n'drop
Fix segfault on mipsel; fix crash when the
gnome-settings-daemon “Disable touchpad while typing” option is
activated
gpsd Fix crash and potential DoS
isc-dhcp Fix CVE-2013-2494; set –with-ldapcrypto to
restore openssl support
isdnutils Unbreak debian/{ipppd,isdnlog}.config; create
isdnctrl symlink as /dev/isdnctrl and cleanup
possibly misplaced symlink /isdnctrl
keystone Fix CVE-2013-2059
lapack Fix some routines which produce incorrect
results in multithreaded environments
libdatetime-timezone-perl Update for 2013c timezone data
libiodbc2 Find odbc drivers in a system dir, fixing
usability and co-installability with
multiarch odbc drivers
libnss-myhostname Ignore link-local addresses
libpam-mklocaluser Fix runcmd()
libquvi-scripts New upstream release
libreoffice Fix build failures; remove lib/servlet.jar;
fix –view; make oosplash wait for
InternalIPC::ProcessingDone; remove
python3-uno dependencies
libvirt Fix leak in virStorageBackendLogicalMakeVol;
allow xen toolstack to find its binaries
linux Incorporate new upstream stable updates;
update drm/agp to 3.4.47
lsb Update for new X.Y stable versioning; add
jessie
modsecurity-apache Fix NULL pointer dereference. CVE-2013-2765
mozc Fix error connecting to mozc-server as root;
fix dependencies of fcitx-mozc
munin Fix several limit checks and crashes; ignore
devtmpfs in df plugin
nbd Fix handling of NBD_NAME by nbd-client
initscript; several stability fixes
nfs-utils Fix CVE-2013-1923, getopt handling for -R and
hangs in mountd
nvidia-graphics-drivers Add missing dependency on nvidia-support
octave Fix rcond function
openblas Fix crashes and use of uninitialised data;
fix FTBFS on powerpc machines with Power7
arch
openvpn Fix use of non-constant-time memcmp in HMAC
comparison. CVE-2013-2061
pcsc-lite Fix upgrades from squeeze and the check for a
running systemd
php5 Fix CVE-2013-1643 patch, crash in garbage
collection, drops in FPM receiving data in
FastCGI, libmagic detection of Microsoft
Office documents, and mssql connector with
Azure SQL; fix $_SERVER[REQUEST_TIME] in
filter SAPI; make the Breaks on php5-suhosin
versioned to allow suhosin backports
pristine-tar Update list of allowed parameters for wheezy
to support files created with newer versions
profnet Fix fortran runtime error
psqlodbc Versioned Breaks: libiodbc2 (<= 3.52.7-2), it
is multiarch-aware now; fixes
co-installability with KDE
py3dns Fix regression in AAAA query result type
readline5 Fix multiarch paths
rhash Fix incorrect SHA-512 hashes of some messages
and incorrect GOST hashes on some
architectures
ruby-tmail Fix parsing of unquoted attachment filenames
schleuder Fix -sendkey, plugin directory configuration
and member listing
sl-modem Add dummy empty prerm script to work around
upgrade failures from squeeze
smcroute Fix a NULL pointer dereferencing in interface
vector initialization
systemtap Support /sys/kernel/debug mounted 0700 to
cope with new debugfs permissions introduced
by linux 3.2.29-1
tasksel Fix unintended auto-selection of ssh-server
task on desktop machines
tzdata New upstream version
wdm Ignore pam_selinux.so failures when the
module does not exist (e.g. on non-Linux
architectures)
win32-loader Rebuild to update the embedded dependencies
xorg Add xserver-xorg-input-vmmouse to -all on
i386 and amd64

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID Package Correction(s)
DSA-2666 xen Multiple issues
DSA-2667 mysql-5.5 Multiple issues
DSA-2669 linux Multiple issues
DSA-2669 user-mode-linux Multiple issues
DSA-2671 request-tracker4 Multiple issues
DSA-2672 kfreebsd-9 Interpretation conflict
DSA-2673 libdmx Multiple issues
DSA-2674 libxv Multiple issues
DSA-2675 libxvmc Multiple issues
DSA-2676 libxfixes Multiple issues
DSA-2677 libxrender Multiple issues
DSA-2678 mesa Multiple issues
DSA-2679 xserver-xorg-video-openchrome Multiple issues
DSA-2680 libxt Multiple issues
DSA-2681 libxcursor Multiple issues
DSA-2682 libxext Multiple issues
DSA-2683 libxi Multiple issues
DSA-2684 libxrandr Multiple issues
DSA-2685 libxp Multiple issues
DSA-2686 libxcb Multiple issues
DSA-2687 libfs Multiple issues
DSA-2688 libxres Multiple issues
DSA-2689 libxtst Multiple issues
DSA-2690 libxxf86dga Multiple issues
DSA-2691 libxinerama Multiple issues
DSA-2692 libxxf86vm Multiple issues
DSA-2693 libx11 Multiple issues
DSA-2694 spip Privilege escalation
DSA-2695 chromium-browser Multiple issues
DSA-2696 otrs2 Privilege escalation
DSA-2697 gnutls26 Out-of-bounds array read
DSA-2702 telepathy-gabble TLS verification bypass
DSA-2703 subversion Multiple issues

Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

URLs
----

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian
————

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
——————-

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to , or contact the
stable release team at .

Read more here

Read more here

Read more here

* Welcome to Debian GSoC Students
* Outreach Program for Women, the result of the experiment
* Bits from the DPL
* Expiration of debian-multimedia.org
* Other news
* New Debian Contributors
* Important Debian Security Advisories
* New and noteworthy packages
* Work-needing packages
* Want to continue reading DPN?

Welcome to Debian GSoC Students
——————————-

The Debian project is proud to announce that this year, 16 students have
been accepted into the Google Summer of Code program [1] to work on
improving Debian. This is the highest number of students accepted since
Debian started participating in this program. The list of selected
students and the projects they’re working on is publicly [1]
available [2]. If you are interested in one of these projects, you are
encouraged to come and join the #debian-soc IRC channel, or to contact
the students and their mentors directly.

1: http://bits.debian.org/2013/05/welcome-gsoc-students-2013.html
2: http://www.google-melange.com/gsoc/org/google/gsoc2013/debian

Outreach Program for Women, the result of the experiment
——————————————————–

Mònica Ramírez Arceda announced the result [3] of Debian participation
in the Outreach Program for Women [4]. One of the four applicants was
accepted, but also received a slot for the Google Summer of Code. As a
consequence, this internship was not used. Since the Outreach Program
for Women is run twice a year, Mònica has opened the discussion about
further Debian participation with a call for more volunteers. Join the
#debian-opw IRC channel if you are willing to help with this initiative.

3: http://lists.debian.org/debian-project/2013/06/msg00002.html
4: http://wiki.debian.org/OutreachProgramForWomen

Bits from the DPL
—————–

Lucas Nussbaum sent his monthly report of DPL activities for May
2013 [5]. Among other things, Lucas reminded readers that it could still
be possible to submit talks for DebConf13, in Vaumarcus,
Switzerland [6], and called for the creation of a Debian trademark team,
handling the trademark use requests that are being received following
the publication of the Debian trademark policy [7]. He also mentioned
that discussions which occurred during the last DPL campaign have been
summarised by Brian Gupta on a dedicated page of the Debian Wiki [8],
and encouraged people to contribute to maintaining this page when ideas
are raised on Debian lists.

5: http://lists.debian.org/debian-devel-announce/2013/06/msg00000.html
6: http://debconf13.debconf.org/
7: http://www.debian.org/trademark#policy
8: http://wiki.debian.org/Teams/DPL/Ideas

Expiration of debian-multimedia.org
———————————–

debian-multimedia.org was a popular unofficial repository of Debian
packages. Last year, this service moved to a new domain, and despite
efforts from Debian, the debian-multimedia.org domain recently expired,
and has now been registered by someone unknown to Debian. “This is a
good example of the importance of the use of cryptography to secure APT
repositories”, DPL Lucas Nussbaum said [9]. The Debian project would
like to emphasise the need to consider possible security issues when
using third-party repositories and the importance of not blindly adding
keys to the APT keyring.

9: http://lists.debian.org/debian-devel-announce/2013/06/msg00000.html

Other news
———-

A Swedish municipal e-service named “Fixa Min Gata [10]” (“fix my
street” in English), used for reporting potholes, broken paving stones,
graffiti, non-functioning lamp posts, and other problems, has been
reported [11] to be powered by Debian servers.

10: http://fixamingata.se/
11: https://joinup.ec.europa.eu/elibrary/case/swedish-public-open-source-movement-working-bottom

New Debian Contributors
———————–

4 applicants have been accepted [12] as Debian Maintainers since the
previous issue of the Debian Project News. Please welcome Gianfranco
Costamagna, Emmanuel Bourg, Geoffrey Thomas and Prach Pongpanich into
our project!

12: http://lists.debian.org//debian-project/2013/06/msg00001.html

Important Debian Security Advisories
————————————

Debian’s Security Team recently released advisories for these packages
(among others): subversion [13], telepathy-gabble [14], wireshark [15],
iceweasel [16], krb5 [17], gnutls26 [18], otrs2 [19] and chromium-
browser [20]. Please read them carefully and take the proper measures.

13: http://www.debian.org/security/2013/dsa-2703
14: http://www.debian.org/security/2013/dsa-2702
15: http://www.debian.org/security/2013/dsa-2700
16: http://www.debian.org/security/2013/dsa-2699
17: http://www.debian.org/security/2013/dsa-2701
18: http://www.debian.org/security/2013/dsa-2697
19: http://www.debian.org/security/2013/dsa-2696
20: http://www.debian.org/security/2013/dsa-2695

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the security mailing list [21] (and the separate backports
list [22], and stable updates list [23]) for announcements.

21: http://lists.debian.org/debian-security-announce/
22: http://lists.debian.org/debian-backports-announce/
23: http://lists.debian.org/debian-stable-announce/

New and noteworthy packages
—————————

612 packages were added to the unstable Debian archive recently. Among
many others [24] are:

* choreonoid — integrated robotics GUI environment [25]
* clonezilla — bare metal backup and recovery of disk drives [26]
* dconf-editor — simple configuration storage system [27]
* emscripten — LLVM-to-JavaScript compiler [28]
* hoogle — Haskell API Search for Debian system [29]
* pybik-bin — 3D Rubik’s cube game – binary files [30]
* python-pelican — blog aware, static website generator [31]
* shaarli — personal, minimalist, super-fast and no-database Delicious clone [32]
* systemd-ui — graphical fronted for systemd [33]
* xul-ext-deejayd-webui — Deejayd web user interface XUL extension [34]

24: http://packages.debian.org/unstable/main/newpkg
25: http://packages.debian.org/unstable/main/choreonoid
26: http://packages.debian.org/unstable/main/clonezilla
27: http://packages.debian.org/unstable/main/dconf-editor
28: http://packages.debian.org/unstable/main/emscripten
29: http://packages.debian.org/unstable/main/hoogle
30: http://packages.debian.org/unstable/main/pybik-bin
31: http://packages.debian.org/unstable/main/python-pelican
32: http://packages.debian.org/unstable/main/shaarli
33: http://packages.debian.org/unstable/main/systemd-ui
34: http://packages.debian.org/unstable/main/xul-ext-deejayd-webui

Work-needing packages
———————

Currently [35] 488 packages are orphaned [36] and 142 packages are up
for adoption [37]: please visit the complete list of packages which need
your help [38].

35: http://lists.debian.org/debian-devel/2013/06/msg00263.html
36: http://www.debian.org/devel/wnpp/orphaned
37: http://www.debian.org/devel/wnpp/rfa
38: http://www.debian.org/devel/wnpp/help_requested

Want to continue reading DPN?
—————————–

Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going on.
Please see the contributing page [39] to find out how to help. We’re
looking forward to receiving your mail at
.

39: http://wiki.debian.org/ProjectNews/HowToContribute

This issue of Debian Project News was edited by Cédric Boutillier and
Justin B Rye.

–
To UNSUBSCRIBE, email to debian-news-REQUEST@lists.debian.org
with a subject of “unsubscribe”. Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20130610201011.GA4213@zouish.org

Read more here

Read more here