Updated Debian 7: 7.3 released

The Debian Project http://www.debian.org/
Updated Debian 7: 7.3 released press@debian.org
December 14th, 2013 http://www.debian.org/News/2013/20131214

The Debian project is pleased to announce the third update of its stable distribution Debian 7 (codename `wheezy'). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 7 but only updates some of the packages included. There is no need to throw away old `wheezy' CDs or DVDs; after an installation, it is enough to update via an up-to-date Debian mirror so that any out-of-date packages are updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
apt Fix handling of :any in single-arch systems and processing of .debs over 2GB in size
apt-listbugs Insecure use of temporary files
base-files Update for point release
bootchart Fix upgrade path from machines which had lenny's bootchart installed
darktable Fix CVE-2013-1438; fix CVE-2013-1439
distro-info-data Add Ubuntu 14.04, Trusty Tahr
expat Do not ship pkgconfig files
fcitx-cloudpinyin Use Google by default, to replace no longer available previous default
firebird2.5 Final 2.5.2 release, bug fixes
gnome-settings-daemon Remove no longer required patch which makes syndaemon almost useless
gtk+3.0 Load the file icon via a data: URI, to work with librsvg's new origin policy
iftop Fix memory leak
intel-microcode New upstream update
kfreebsd-9 Disable 101_nullfs_vsock.diff
libdatetime-timezone-perl New upstream version
libguestfs Fix CVE-2013-4419: insecure temporary directory handling for remote guestfish
libnet-server-perl Fix use of uninitialized value in pattern match
libnet-smtp-tls-butmaintained-perl Fix misuse of IO::Socket::SSL in the SSL_version argument
librsvg Fix CVE-2013-1881: disable loading of external entities
lua-sql Restore multiarch co-installability
meep-lam4 Move /usr/include/meep-lam4 to /usr/include/meep; fixes building against the -dev package
meep-mpi-default Move /usr/include/meep-mpi-default to /usr/include/meep; fixes building against the -dev package
meep-mpich2 Move /usr/include/meep-mpich2 to /usr/include/meep; fixes building against the -dev package
meep-openmpi Move /usr/include/meep-openmpi to /usr/include/meep; fixes building against the -dev package
multipath-tools Restore `dmsetup export' workaround, lost in previous upload
nagios3 Stop status.cgi listing unauthorised hosts and services, miscellaneous bug fixes
nsd3 Add $network to Required-Start
openttd Fix CVE-2013-6411 (DoS)
postgresql-8.4 New upstream micro-release
postgresql-9.1 New upstream micro-release
rtkit Fix access restriction bypass via polkit race condition
ruby-passenger Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage
scikit-learn Move joblib from Recommends to Depends
smplayer Don't append -fontconfig to the command line options for Mplayer2 to prevent crash at startup
starpu Remove non-free example material
starpu-contrib Remove non-free example material
tzdata New upstream release
usemod-wiki Update hardcoded cookie expiration date from 2013 to 2025
xfce4-weather-plugin Update weather.com API URI

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory Package Correction(s)
DSA-2738 ruby1.9.1 Multiple issues
DSA-2769 kfreebsd-9 Multiple issues
DSA-2770 torque Authentication bypass
DSA-2771 nas Multiple issues
DSA-2772 typo3-src Cross-site scripting
DSA-2773 gnupg Multiple issues
DSA-2774 gnupg2 Multiple issues
DSA-2775 ejabberd Insecure SSL usage
DSA-2777 systemd Multiple issues
DSA-2778 libapache2-mod-fcgid Heap-based buffer overflow
DSA-2779 libxml2 Denial of service
DSA-2781 python-crypto PRNG not correctly reseeded in some situations
DSA-2782 polarssl Multiple issues
DSA-2784 xorg-server Use-after-free
DSA-2785 chromium-browser Multiple issues
DSA-2786 icu Multiple issues
DSA-2787 roundcube Design error
DSA-2788 iceweasel Multiple issues
DSA-2789 strongswan Denial of service and authorization bypass
DSA-2790 nss Uninitialized memory read
DSA-2791 tryton-client Missing input sanitization
DSA-2792 wireshark Multiple issues
DSA-2794 spip Multiple issues
DSA-2795 lighttpd Multiple issues
DSA-2796 torque Arbitrary code execution
DSA-2798 curl Unchecked SSL certificate host name
DSA-2799 chromium-browser Multiple issues
DSA-2800 nss Buffer overflow
DSA-2801 libhttp-body-perl Design error
DSA-2802 nginx Restriction bypass
DSA-2803 quagga Multiple issues
DSA-2804 drupal7 Multiple issues
DSA-2805 sup-mail Remote command injection
DSA-2806 nbd Privilege escalation
DSA-2807 links2 Integer overflow
DSA-2808 openjpeg Multiple issues
DSA-2809 ruby1.8 Multiple issues
DSA-2810 ruby1.9.1 Heap overflow
DSA-2811 chromium-browser Multiple issues

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
linky License problems
iceweasel-linky License problems

Debian Installer

The installer has been rebuilt to include the fixes incorporated into stable by the point release.


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information
For further information, please visit the Debian web pages at http://www.debian.org/, send mail to press@debian.org, or contact the stable release team at debian-release@lists.debian.org.