-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 27-1        http://www.debian.org/
debian-release@lists.debian.org                              Philipp Kern
September 23rd, 2012
-------------------------------------------------------------------------

Upcoming Debian GNU/Linux 6.0 Update (6.0.6)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, September
29th, 2012. As of now it will include the following bug fixes. They can
be found in “squeeze-proposed-updates”, which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                   Reason

alpine                    Fix crash in embedded UW-IMAP copy
apache2                   mod-negotiation - fix CVE-2012-2687; mod_cache -
                          don't cache partial connections; read timeouts
                          should result in a 408
automake1.10              Fix CVE-2012-3386
automake1.11              Fix CVE-2012-3386
automake1.7               Fix CVE-2012-3386
automake1.9               Fix CVE-2012-3386
base-files                Update /etc/debian_version for the point release
checkgmail                Fix GMail authentication issues
clamav                    New upstream release
debian-archive-keyring    Add wheezy stable and archive signing keys
dpkg                      Ensure a reliable unpack on SELinux systems
eglibc                    Really enable patches/any/cvs-dlopen-tls.diff;
                          fix FORTIFY_SOURCE format string protection
                          bypass; fix a DoS in RPC implementation
emesene                   Update contact end-point to
                          local-bay.contacts.msn.com
geshi                     Fix "Local File Inclusion Vulnerability in
                          contrib script"
gosa                      Security fix (missing escaping)
libconfig-inifiles-perl   Fix insecure temporary file use
libgc                     Check for integer overflow in internal malloc
                          and calloc routines
libmtp                    Fix device flags for some devices; add support
                          for new devices
libxslt                   Fix CVE-2011-1202, CVE-2011-3970, CVE-2012-2825
links2                    Security fixes
linux-2.6                 DRM fixes; leap second fix; security fixes;
                          various driver fixes
lockfile-progs            Ensure the correct PID is used when creating
                          lockfiles
mysql-mmm                 Add missing dependency on libpath-class-perl
network-manager           Stop allowing ad-hoc WPA networks to be created;
                          kernel bugs mean they get created as open
                          networks
nss-pam-ldapd             Support larger gecos values; reliability fixes
nvidia-graphics-drivers   Fix information leak in the kernel module; fix
                          arbitrary memory access vulnerability; fix local
                          privilege escalation through VGA window
                          manipulation
nvidia-graphics-modules   Rebuild against 195.36.31-6squeeze1 kernel
                          modules for security fixes; rebuild to fix
                          CVE-2012-4225
php-memcached             Fix session.gc_maxlifetime handling
plymouth                  Fix the init script to not fail when the package
                          is removed
policyd-weight            Remove rfc-ignorant.org RBLs (due to upcoming
                          shutdown) and rbl.ipv6-world.net
postgresql-common         Do not remove the PID file after SIGKILLing the
                          postmaster in the "last-ditch effort to shut
                          down" in --force mode
powertop                  Fix segfault on newer kernels with large config
                          files
publican                  Add missing dependency and build-dependency on
                          libio-string-perl
rstatd                    Support Linux 3.X kernels
spip                      Fix base name disclosure; security fixes
tor                       New upstream; fix TLS 1.1/1.2 renegotiation with
                          openssl 1.0.1; fix potential DOS; fix two
                          crashes and an information disclosure issue
ttb                       Add missing dependency on python-glade2
vte                       Fix a memory exhaustion vulnerability
wims                      Fix installation problem
wireshark                 Fix crashes in ANSI A detector and pcap{,-ng}
                          parsers
xserver-xorg-video-intel  UXA/glyphs: Fallback instead of crashing on
                          large strings
yaws                      Fix RNG strength; fix mail config loading

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

Package                   Reason

libtrash                  Unmaintained; broken
kcheckgmail               Unmaintained; broken by Google changes

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at “debian-release@lists.debian.org”.