-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 39-1        http://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
October 14th, 2013
-------------------------------------------------------------------------

Upcoming Debian GNU/Linux 6.0 Update (6.0.8)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, October
19th, 2013. As of now it will include the following bug fixes. They can
be found in “squeeze-proposed-updates”, which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

  Package                   Reason

  base-files                Update version for point release
  clamav                    New upstream release; security fixes
  dpkg-ruby                 Close files once they're parsed, preventing
                            trouble on dist-upgrades
  gdm3                      Fix potential security issue with partial
                            upgrades to wheezy
  graphviz                  Use system ltdl
  grep                      Fix CVE-2012-5667
  ia32-libs                 Update included packages from oldstable /
                            security.d.o
  ia32-libs-gtk             Update included packages from oldstable /
                            security.d.o
  inform                    Remove calls to update-alternatives
  ldap2dns                  Do not unnecessarily include
                            /usr/share/debconf/confmodule in postinst
  libapache-mod-security    Fix NULL pointer dereference. CVE-2013-2765
  libmodule-signature-perl  CVE-2013-2145: Fixes arbitrary code execution
                            when verifying SIGNATURE
  libopenid-ruby            Fix CVE-2013-1812
  libspf2                   IPv6 fixes
  lm-sensors-3              Skip probing for EDID or graphics cards, as
                            it might cause hardware issues
  moin                      Do not create empty pagedir (with empty
                            edit-log)
  net-snmp                  Fix CVE-2012-2141
  openssh                   Fix potential int overflow when using
                            gssapi-with-mac authentication
                            (CVE-2011-5000)
  openvpn                   Fix use of non-constant-time memcmp in HMAC
                            comparison. CVE-2013-2061
  pcp                       Fix insecure tempfile handling
  pigz                      Use more restrictive permissions for
                            in-progress files
  policyd-weight            Remove shut-down njabl DNSBL
  pyopencl                  Remove non-free file from examples
  pyrad                     Use a better random number generator to
                            prevent predictable password hashing and
                            packet IDs (CVE-2013-0294)
  python-qt4                Fix crash in uic file with radio buttons
  request-tracker3.8        Move non-cache data to /var/lib
  samba                     Fix CVE-2013-4124: Denial of service - CPU
                            loop and memory allocation
  smarty                    Fix CVE-2012-4437
  spamassassin              Remove shut-down njabl DNSBL; fix
                            RCVD_ILLEGAL_IP to not consider 5.0.0.0/8
                            as invalid
  sympa                     Fix endless loop in wwsympa while loading
                            session data including metacharacters
  texlive-extra             Fix predictable temp file names in latex2man
  tntnet                    Fix insecure default tntnet.conf
  tzdata                    New upstream version
  wv2                       Really remove
                            src/generator/generator_wword{6,8}.htm
  xorg-server               Link against -lbsd on kfreebsd to make
                            MIT-SHM work with non-world-accessible
                            segments
  xview                     Fix alternatives handling
  zabbix                    Fix SQL injection, zabbix_agentd DoS,
                            possible path disclosure, field name
                            parameter checking bypass, ability to
                            override LDAP configuration when calling
                            user.login via API

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/proposed-updates/oldstable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

  Package                   Reason

  irssi-plugin-otr          Security issues
  libpam-rsa                Broken, causes security problems

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at “debian-release@lists.debian.org”.