[Website] 23.02.2013: Debian 6.0.7
Hallo zusammen,
das nächste »point release« steht an und es wird wieder ein riesiger Haufen
Sicherheitslöcher gestopft. Wie üblich findet ihr im Anhang die Nachricht, dazu eine
diff der beiden enthaltenen Tabellen. Wer Zeit und Lust hat, kann sich die ja mal
bitte ansehen.
Die Nachricht hat fast den gleichen Text wie beim letzten Mal, allerdings habe ich
die ersten drei (?) Absätze sprachlich frisiert und es gibt auch wieder ein Paket,
das aus Debian rausgeflogen ist.
Grueße
Erik
--
Linux User: 499744
Linux Machine: 434256
No need to CC me ;)
0a1
>
3c4
< <tr><th>Package</th> <th>Reason</th></tr>
---
> <tr><th>Paket</th> <th>Grund</th></tr>
5c6
< <correction apt-show-versions "Fix detection of squeeze-updates and squeeze; update official distribution list">
---
> <correction apt-show-versions "Repariert die Behebung von squeeze-updates und squeeze; aktualisiert offzielle Distributionsliste">
7c8
< <correction base-files "Update for the point release">
---
> <correction base-files "Aktualisierung für die Zwischenveröffentlichung">
9c10
< <correction bcron "Don't allow jobs access to other jobs' temporary files">
---
> <correction bcron "Erlaubt keinen Jobs, auf die Temporärdateien anderer Jobs zuzugreifen">
11c12
< <correction bind9 "Update IP for <q>D</q> root server">
---
> <correction bind9 "Aktualisiert die IP für <q>D</q>-Root-Server">
13c14
< <correction bugzilla "Add dependency on liburi-perl, used during package configuration">
---
> <correction bugzilla "Fügt eine Abhängigeit von liburi-perl hinzu, während der Paketkonfiguration genutzt">
15c16
< <correction choose-mirror "Update URL for master mirror list">
---
> <correction choose-mirror "Aktualisierter URL für Master-Spiegelliste">
17c18
< <correction clamav "New upstream version">
---
> <correction clamav "Neue Version der Originalautoren">
19c20
< <correction claws-mail "Fix NULL pointer dereference">
---
> <correction claws-mail "Behebt NULL-Zeiger-Deferenzierung">
21c22
< <correction clive "Adapt for youtube.com changes">
---
> <correction clive "Anpassungen an die Änderungen bei youtube.com">
23c24
< <correction cups "Ship cups-files.conf's manpage">
---
> <correction cups "Liefert die Handbuchseite zu cups-files.conf aus">
25c26
< <correction dbus "Avoid code execution in setuid/setgid binaries">
---
> <correction dbus "Vermeidet die Codeausführung in setuid/setgid-Binärdateien">
27c28
< <correction dbus-glib "Fix authentication bypass through insufficient checks (CVE-2013-0292)">
---
> <correction dbus-glib "Behebt Authentifizierungs-Bypass durch unzureichende Prüfungen (CVE-2013-0292)">
29c30
< <correction debian-installer "Rebuild for 6.0.7">
---
> <correction debian-installer "Neubau für 6.0.7">
31c32
< <correction debian-installer-netboot-images "Rebuild against debian-installer 20110106+squeeze4+b3">
---
> <correction debian-installer-netboot-images "Neubau gegen debian-installer 20110106+squeeze4+b3">
33c34
< <correction dtach "Properly handle close request (CVE-2012-3368)">
---
> <correction dtach "Handhabt die Schließungsanfrage richtig (CVE-2012-3368)">
35c36
< <correction ettercap "Fix hosts list parsing (CVE-2013-0722)">
---
> <correction ettercap "Repariert die Auswertung der Hosts-Liste (CVE-2013-0722)">
37c38
< <correction fglrx-driver "Fix diversion-related issues with upgrades from lenny">
---
> <correction fglrx-driver "Behebt diversionsbezogene Probleme bei Upgrades von Lenny">
39c40
< <correction flashplugin-nonfree "Use gpg --verify">
---
> <correction flashplugin-nonfree "Benutzt gpg --verify">
41c42
< <correction fusionforge "Lenny to squeeze upgrade fix">
---
> <correction fusionforge "Repariert Upgrade von Lenny auf Squeeze">
43c44
< <correction gmime2.2 "Add Conflicts: libgmime2.2-cil to fix upgrades from lenny">
---
> <correction gmime2.2 "Konflikt hinzugefügt: libgmime2.2-cil, um Upgrades auf Lenny zu richten">
45c46
< <correction gzip "Avoid using memcpy on overlapping regions">
---
> <correction gzip "Vermeidet die Benutzung von memcpy in überlappenden Bereichen">
47c48
< <correction ia32-libs "Update included packages from stable / security.d.o">
---
> <correction ia32-libs "Aktualisiert enthaltene Pakete von stable/security.d.o">
49c50
< <correction ia32-libs-core "Update included packages from stable / security.d.o">
---
> <correction ia32-libs-core "Aktualisiert enthaltene Pakete von stable/security.d.o">
51c52
< <correction kfreebsd-8 "Fix CVE-2012-4576: memory access without proper validation in linux compat system">
---
> <correction kfreebsd-8 "Behebt CVE-2012-4576: Speicherzugriff ohne angemessene Überprüfung im Linux Compat System">
53c54
< <correction libbusiness-onlinepayment-ippay-perl "Backport changes to IPPay gateway's server name and path">
---
> <correction libbusiness-onlinepayment-ippay-perl "Backport-Änderungein in IPPays Gateway-Servernamen und -pfad">
55c56
< <correction libproc-processtable-perl "Fix unsafe temporary file usage (CVE-2011-4363)">
---
> <correction libproc-processtable-perl "Behebt unsichere Verwendung von Temporärdateien (CVE-2011-4363)">
57c58
< <correction libzorpll "Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev">
---
> <correction libzorpll "Fügt fehlende Breaks/Replaces hinzu: libzorp2-dev bis libzorpll-dev">
59c60
< <correction linux-2.6 "Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs">
---
> <correction linux-2.6 "Update auf Stable-Veröffentlichung 2.6.32.60. Backport der hpsa-, isci- und megaraid_sas-Treiberaktualisierungen. Behebt r8169-Hänger">
61c62
< <correction linux-kernel-di-amd64-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-amd64-2.6 "Neubau gegen linux-2.6 2.6.32-48">
63c64
< <correction linux-kernel-di-armel-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-armel-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
65c66
< <correction linux-kernel-di-i386-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-i386-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
67c68
< <correction linux-kernel-di-ia64-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-ia64-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
69c70
< <correction linux-kernel-di-mips-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-mips-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
71c72
< <correction linux-kernel-di-mipsel-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-mipsel-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
73c74
< <correction linux-kernel-di-powerpc-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-powerpc-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
75c76
< <correction linux-kernel-di-s390-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-s390-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
77c78
< <correction linux-kernel-di-sparc-2.6 "Rebuild against linux-2.6 2.6.32-48">
---
> <correction linux-kernel-di-sparc-2.6 "Neubau gegen Linux-2.6 2.6.32-48">
79c80
< <correction magpierss "Fix upgrade issue">
---
> <correction magpierss "Upgrade-Problem behoben">
81c82
< <correction maradns "Fix CVE-2012-1570 (deleted domain record cache persistence flaw)">
---
> <correction maradns "CVE-2012-1570 behoben (Hartnäckigkeit von gelöschten Domains im Zwischenspeicher)">
83c84
< <correction mediawiki "Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit">
---
> <correction mediawiki "Schützt vor Sitzungsfixierung in Special:UserLogin (CVE-2012-5391); bewahrt den Linker-Regex vor dem Überschreiten der Backtrack-Grenze">
85c86
< <correction moodle "Multiple security fixes">
---
> <correction moodle "Mehrere Sicherheitskorrekturen">
87c88
< <correction nautilus "Add Breaks: samba-common (<< 2:3.5) to fix a lenny to squeeze upgrade issue">
---
> <correction nautilus "Breaks hinzugefügt: samba-common (<< 2:3.5), um ein Upgradeproblem von Lenny auf Squeeze zu lösen">
89c90
< <correction openldap "Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions">
---
> <correction openldap "Kopiert die Datenbank bei Upgrades in prerm, um Upgrades auf Versionen mit neuerer libdb zu unterstützen">
91c92
< <correction openssh "Improve DoS resistance (CVE-2010-5107)">
---
> <correction openssh "Erhöht den Widerstand gegenüber (CVE-2010-5107)">
93c94
< <correction pam-pgsql "Fix issue with NULL passwords">
---
> <correction pam-pgsql "Behebt ein Problem mit NULL-Passwörtern">
95c96
< <correction pam-shield "Correctly block IPs when allow_missing_dns is <q>no</q>">
---
> <correction pam-shield "Blockiert IPs richtig, wenn allow_missing_dns <q>no</q> ist">
97c98
< <correction perl "Fix misparsing of maketext strings (CVE-2012-6329)">
---
> <correction perl "Behebt die Fehlauswertung von maketext-Zeichenketten (CVE-2012-6329)">
99c100
< <correction poppler "Security fixes; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; fix GooString::insert, correctly initialise variables">
---
> <correction poppler "Sicherheitskorrekturen; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; GooString::insert repariert, initialisiert die Variablen richtig">
101c102
< <correction portmidi "Fix crash">
---
> <correction portmidi "Behebt einen Absturz">
103c104
< <correction postgresql-8.4 "New upstream micro-release">
---
> <correction postgresql-8.4 "Neue Mikro-Veröffentlichung der Originalautoren">
105c106
< <correction sdic "Move bzip2 from Suggests to Depends as it is used during installation">
---
> <correction sdic "Verschiebt Bzip2 von den Empfehlungen zu den Abhängigkeiten, da es während der Installation benutzt wird">
107c108
< <correction snack "Fix buffer overflow (CVE-2012-6303)">
---
> <correction snack "Behebt Pufferüberlauf (CVE-2012-6303)">
109c110
< <correction sphinx "Fix incompatibility with jQuery >= 1.4">
---
> <correction sphinx "Behebt Inkompatibilität mit jQuery >= 1.4">
111c112
< <correction swath "Fix potential buffer overflow in Mule mode">
---
> <correction swath "Behebt potenziellen Pufferüberlauf im Mule-Modus">
113c114
< <correction swi-prolog "Fix buffer overruns">
---
> <correction swi-prolog "Behebt Pufferüberläufe">
115c116
< <correction ttf-ipafont "Fix removal of alternatives">
---
> <correction ttf-ipafont "Behebt die Entfernung von Alternativen">
117c118
< <correction tzdata "New upstream version; fix DST for America/Bahia (Brazil)">
---
> <correction tzdata "Neue Version der Originalautoren; behebt DST für Amerika/Bahia (Brasilien)">
119c120
< <correction unbound "Update IP address hints for D.ROOT-SERVERS.NET">
---
> <correction unbound "Aktualisiert die IP-Adressenhinweise für D.ROOT-SERVERS.NET">
121c122
< <correction xen "Fix clock breakage">
---
> <correction xen "Behebt Uhrendefekt">
123c124
< <correction xnecview "Fix FTBFS on armel">
---
> <correction xnecview "Repariert FTBFS auf armel">
135c136
< <tr><th>Advisory ID</th> <th>Package</th> <th>Correction(s)</th></tr>
---
> <tr><th>Ankündigungs-ID</th> <th>Paket</th> <th>Korrektur(en)</th></tr>
141c142
< <dsa 2012 2550 asterisk "Multiple issues">
---
> <dsa 2012 2550 asterisk "Mehrere Probleme">
143c144
< <dsa 2012 2551 isc-dhcp "Denial of service">
---
> <dsa 2012 2551 isc-dhcp "Dienstblockade">
145c146
< <dsa 2012 2552 tiff "Multiple issues">
---
> <dsa 2012 2552 tiff "Mehrere Probleme">
147c148
< <dsa 2012 2553 iceweasel "Multiple issues">
---
> <dsa 2012 2553 iceweasel "Mehrere Probleme">
149c150
< <dsa 2012 2554 iceape "Multiple issues">
---
> <dsa 2012 2554 iceape "Mehrere Probleme">
151c152
< <dsa 2012 2555 libxslt "Multiple issues">
---
> <dsa 2012 2555 libxslt "Mehrere Probleme">
153c154
< <dsa 2012 2556 icedove "Multiple issues">
---
> <dsa 2012 2556 icedove "Mehrere Probleme">
155c156
< <dsa 2012 2557 hostapd "Denial of service">
---
> <dsa 2012 2557 hostapd "Dienstblockade">
157c158
< <dsa 2012 2558 bacula "Information disclosure">
---
> <dsa 2012 2558 bacula "Informationsoffenlegung">
159c160
< <dsa 2012 2559 libexif "Multiple issues">
---
> <dsa 2012 2559 libexif "Mehrere Probleme">
161c162
< <dsa 2012 2560 bind9 "Denial of service">
---
> <dsa 2012 2560 bind9 "Dienstblockade">
163c164
< <dsa 2012 2561 tiff "Buffer overflow">
---
> <dsa 2012 2561 tiff "Pufferüberlauf">
165c166
< <dsa 2012 2562 cups-pk-helper "Privilege escalation">
---
> <dsa 2012 2562 cups-pk-helper "Privilegeskalation">
167c168
< <dsa 2012 2563 viewvc "Multiple issues">
---
> <dsa 2012 2563 viewvc "Mehrere Probleme">
169c170
< <dsa 2012 2564 tinyproxy "Denial of service">
---
> <dsa 2012 2564 tinyproxy "Dienstblockade">
171c172
< <dsa 2012 2565 iceweasel "Multiple issues">
---
> <dsa 2012 2565 iceweasel "Mehrere Probleme">
173c174
< <dsa 2012 2566 exim4 "Heap overflow">
---
> <dsa 2012 2566 exim4 "Überlauf des dynamischen Speichers">
175c176
< <dsa 2012 2567 request-tracker3.8 "Multiple issues">
---
> <dsa 2012 2567 request-tracker3.8 "Mehrere Probleme">
177c178
< <dsa 2012 2568 rtfm "Privilege escalation">
---
> <dsa 2012 2568 rtfm "Privilegeskalation">
179c180
< <dsa 2012 2569 icedove "Multiple issues">
---
> <dsa 2012 2569 icedove "Mehrere Probleme">
181c182
< <dsa 2012 2570 openoffice.org "Multiple issues">
---
> <dsa 2012 2570 openoffice.org "Mehrere Probleme">
183c184
< <dsa 2012 2571 libproxy "Buffer overflow">
---
> <dsa 2012 2571 libproxy "Pufferüberlauf">
185c186
< <dsa 2012 2572 iceape "Multiple issues">
---
> <dsa 2012 2572 iceape "Mehrere Probleme">
187c188
< <dsa 2012 2573 radsecproxy "SSL certificate verification weakness">
---
> <dsa 2012 2573 radsecproxy "Schwäche bei der Verifizierung von SSL-Zeritifikaten">
189c190
< <dsa 2012 2574 typo3-src "Multiple issues">
---
> <dsa 2012 2574 typo3-src "Mehrere Probleme">
191c192
< <dsa 2012 2575 tiff "Heap overflow">
---
> <dsa 2012 2575 tiff "Überlauf des dynamischen Speichers">
193c194
< <dsa 2012 2576 trousers "Denial of service">
---
> <dsa 2012 2576 trousers "Dienstblockade">
195c196
< <dsa 2012 2577 libssh "Multiple issues">
---
> <dsa 2012 2577 libssh "Mehrere Probleme">
197c198
< <dsa 2012 2578 rssh "Multiple issues">
---
> <dsa 2012 2578 rssh "Mehrere Probleme">
199c200
< <dsa 2012 2579 apache2 "Multiple issues">
---
> <dsa 2012 2579 apache2 "Mehrere Probleme">
201c202
< <dsa 2012 2580 libxml2 "Buffer overflow">
---
> <dsa 2012 2580 libxml2 "Pufferüberlauf">
203c204
< <dsa 2012 2582 xen "Denial of service">
---
> <dsa 2012 2582 xen "Dienstblockade">
205c206
< <dsa 2012 2583 iceweasel "Multiple issues">
---
> <dsa 2012 2583 iceweasel "Mehrere Probleme">
207c208
< <dsa 2012 2584 iceape "Multiple issues">
---
> <dsa 2012 2584 iceape "Mehrere Probleme">
209c210
< <dsa 2012 2585 bogofilter "Heap-based buffer overflow">
---
> <dsa 2012 2585 bogofilter "Pufferüberlauf basierend auf dynamischem Speicher">
211c212
< <dsa 2012 2586 perl "Multiple issues">
---
> <dsa 2012 2586 perl "Mehrere Probleme">
213c214
< <dsa 2012 2587 libcgi-pm-perl "HTTP header injection">
---
> <dsa 2012 2587 libcgi-pm-perl "HTTP-Header-Injektion">
215c216
< <dsa 2012 2588 icedove "Multiple issues">
---
> <dsa 2012 2588 icedove "Mehrere Probleme">
217c218
< <dsa 2012 2589 tiff "Buffer overflow">
---
> <dsa 2012 2589 tiff "Pufferüberlauf">
219c220
< <dsa 2012 2590 wireshark "Multiple issues">
---
> <dsa 2012 2590 wireshark "Mehrere Probleme">
221c222
< <dsa 2012 2591 mahara "Multiple issues">
---
> <dsa 2012 2591 mahara "Mehrere Probleme">
223c224
< <dsa 2012 2592 elinks "Programming error">
---
> <dsa 2012 2592 elinks "Programmierfehler">
225c226
< <dsa 2012 2593 moin "Multiple issues">
---
> <dsa 2012 2593 moin "Mehrere Probleme">
227c228
< <dsa 2012 2594 virtualbox-ose "Programming error">
---
> <dsa 2012 2594 virtualbox-ose "Programmierfehler">
229c230
< <dsa 2012 2595 ghostscript "Buffer overflow">
---
> <dsa 2012 2595 ghostscript "Pufferüberlauf">
231c232
< <dsa 2012 2596 mediawiki-extensions "Cross-site scripting in RSSReader extension">
---
> <dsa 2012 2596 mediawiki-extensions "Cross-Site-Scripting in der RSSReader-Erweiterung">
233c234
< <dsa 2013 2597 rails "Input validation error">
---
> <dsa 2013 2597 rails "Fehler bei Eingabeverifizierung">
235c236
< <dsa 2013 2598 weechat "Multiple issues">
---
> <dsa 2013 2598 weechat "Mehrere Probleme">
237c238
< <dsa 2013 2599 nss "Mis-issued intermediates">
---
> <dsa 2013 2599 nss "Falsch herausgegebene Zwischenprodukte">
239c240
< <dsa 2013 2600 cups "Privilege escalation">
---
> <dsa 2013 2600 cups "Privilegeskalation">
241c242
< <dsa 2013 2601 gnupg2 "Missing input sanitation">
---
> <dsa 2013 2601 gnupg2 "Fehlende Eingabeverifizierung">
243c244
< <dsa 2013 2601 gnupg "Missing input sanitation">
---
> <dsa 2013 2601 gnupg "Fehlende Eingabeverifizierung">
245c246
< <dsa 2013 2602 zendframework "XML external entity inclusion">
---
> <dsa 2013 2602 zendframework "Einbeziehungen externer XML-Entitäten">
247c248
< <dsa 2013 2603 emacs23 "Programming error">
---
> <dsa 2013 2603 emacs23 "Programmierfehler">
249c250
< <dsa 2013 2604 rails "Insufficient input validation">
---
> <dsa 2013 2604 rails "Unzureichende Eingabeverifizierung">
251c252
< <dsa 2013 2605 asterisk "Multiple issues">
---
> <dsa 2013 2605 asterisk "Mehrere Probleme">
253c254
< <dsa 2013 2606 proftpd-dfsg "Symlink race">
---
> <dsa 2013 2606 proftpd-dfsg "Symlink-Rennen">
255c256
< <dsa 2013 2607 qemu-kvm "Buffer overflow">
---
> <dsa 2013 2607 qemu-kvm "Pufferüberlauf">
257c258
< <dsa 2013 2608 qemu "Buffer overflow">
---
> <dsa 2013 2608 qemu "Pufferüberlauf">
259c260
< <dsa 2013 2609 rails "SQL query manipulation">
---
> <dsa 2013 2609 rails "SQL-Abfragemanipulation">
261c262
< <dsa 2013 2610 ganglia "Remote code execution">
---
> <dsa 2013 2610 ganglia "Fern-Codeausführung">
263c264
< <dsa 2013 2611 movabletype-opensource "Multiple issues">
---
> <dsa 2013 2611 movabletype-opensource "Mehrere Probleme">
265c266
< <dsa 2013 2612 ircd-ratbox "Remote crash">
---
> <dsa 2013 2612 ircd-ratbox "Fernabsturz">
267c268
< <dsa 2013 2613 rails "Insufficient input validation">
---
> <dsa 2013 2613 rails "Unzureichende Eingabeverifizierung">
269c270
< <dsa 2013 2614 libupnp "Multiple issues">
---
> <dsa 2013 2614 libupnp "Mehrere Probleme">
271c272
< <dsa 2013 2615 libupnp4 "Multiple issues">
---
> <dsa 2013 2615 libupnp4 "Mehrere Probleme">
273c274
< <dsa 2013 2616 nagios3 "Buffer overflow vulnerability">
---
> <dsa 2013 2616 nagios3 "Anfälligkeit für Pufferüberläufe">
275c276
< <dsa 2013 2617 samba "Multiple issues">
---
> <dsa 2013 2617 samba "Mehrere Probleme">
277c278
< <dsa 2013 2618 ircd-hybrid "Denial of service">
---
> <dsa 2013 2618 ircd-hybrid "Dienstblockade">
279c280
< <dsa 2013 2619 xen-qemu-dm-4.0 "Buffer overflow">
---
> <dsa 2013 2619 xen-qemu-dm-4.0 "Pufferüberlauf">
281c282
< <dsa 2013 2620 rails "Multiple issues">
---
> <dsa 2013 2620 rails "Mehrere Probleme">
283c284
< <dsa 2013 2621 openssl "Multiple issues">
---
> <dsa 2013 2621 openssl "Mehrere Probleme">
285c286
< <dsa 2013 2622 polarssl "Multiple issues">
---
> <dsa 2013 2622 polarssl "Mehrere Probleme">
287c288
< <dsa 2013 2623 openconnect "Buffer overflow">
---
> <dsa 2013 2623 openconnect "Pufferüberlauf">
289c290
< <dsa 2013 2624 ffmpeg "Multiple issues">
---
> <dsa 2013 2624 ffmpeg "Mehrere Probleme">
291c292
< <dsa 2013 2625 wireshark "Multiple issues">
---
> <dsa 2013 2625 wireshark "Mehrere Probleme">
293c294
< <dsa 2013 2626 lighttpd "Multiple issues">
---
> <dsa 2013 2626 lighttpd "Mehrere Probleme">
295c296
< <dsa 2013 2627 nginx "Information leak">
---
> <dsa 2013 2627 nginx "Informationsleck">
300d300
<
<define-tag pagetitle>Updated Debian 6.0: 6.0.7 released</define-tag>
<define-tag pagetitle>Debian 6.0 aktualisiert: 6.0.7 veröffentlicht</define-tag>
<define-tag release_date>2013-02-23</define-tag>
#use wml::debian::news
# $Id:
<define-tag release>6.0</define-tag>
<define-tag codename>squeeze</define-tag>
<define-tag revision>6.0.7</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="http://packages.debian.org/src:%s";>%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="http://packages.debian.org/src:%0";>%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="http://packages.debian.org/src:%0";>%0</a></define-tag>
-----
<p>The Debian project is pleased to announce the seventh update of its
stable distribution Debian <release> (codename <q><codename></q>).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.</p>
<p>
Das Debian-Projekt freut sich, die fünfte Aktualisierung seiner
Stable-Distribution Debian <release> (Codename <q><codename></q>) ankündigen zu
dürfen. Diese Aktualisierung fügt der Stable-Veröffentlichung hauptsächlich
Sicherheitskorrekturen hinzu, zusammen mit Lösungen für einige
ernste Probleme. Für sie sind bereits separate Sicherheitsankündigungen
veröffentlicht worden, auf die, wenn möglich, verwiesen wird.
</p>
-----
<p>Please note that this update does not constitute a new version of Debian
<release> but only updates some of the packages included. There is
no need to throw away <release> CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.</p>
<p>
Bitte beachten Sie, dass diese Aktualisierung keine neue Version von
Debian <release> darstellt, sondern nur einige der enthaltenen Pakete
auffrischt. Es gibt keinen Grund, <release>-CDs oder -DVDs wegzuwerfen, denn es
reicht, neue Installationen mit einem aktuellen Debian-Spiegelserver
abzugleichen, damit alle veralteten Pakete ausgetauscht werden.
</p>
-----
<p>Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.</p>
<p>
Wer häufig Aktualisierungen von security.debian.org herunterlädt, wird
nicht viele Pakete auf den neuesten Stand bringen müssen. Die meisten
Aktualisierungen von security.debian.org sind in dieser Revision enthalten.
</p>
-----
<p>New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.</p>
<p>
Neue Installationsmedien sowie CD- und DVD-Abbilder mit den neuen Paketen
können bald von den gewohnten Orten bezogen werden.
</p>
-----
<p>Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:</p>
<p>
Für das Online-Upgrade auf diese Version wird in der Regel die Aptitude-
(oder APT-) Paketverwaltung auf einen der vielen Debian-FTP- oder
HTTP-Spiegel verwiesen (siehe auch die Handbuchseite zu sources.list(5)).
Eine vollständige Liste der Spiegelserver findet sich unter:
</p>
-----
<div class="center">
<a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>
</div>
-----
<h2>Miscellaneous Bugfixes</h2>
<p>This stable update adds a few important corrections to the following
packages:</p>
<h2>Verschiedene Fehlerkorrekturen</h2>
<p>Diese Stable-Aktualisierung nimmt an den folgenden Paketen einige wichtige
Korrekturen vor:</p>
-----
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction apt-show-versions "Fix detection of squeeze-updates and squeeze; update official distribution list">
<correction base-files "Update for the point release">
<correction bcron "Don't allow jobs access to other jobs' temporary files">
<correction bind9 "Update IP for <q>D</q> root server">
<correction bugzilla "Add dependency on liburi-perl, used during package configuration">
<correction choose-mirror "Update URL for master mirror list">
<correction clamav "New upstream version">
<correction claws-mail "Fix NULL pointer dereference">
<correction clive "Adapt for youtube.com changes">
<correction cups "Ship cups-files.conf's manpage">
<correction dbus "Avoid code execution in setuid/setgid binaries">
<correction dbus-glib "Fix authentication bypass through insufficient checks (CVE-2013-0292)">
<correction debian-installer "Rebuild for 6.0.7">
<correction debian-installer-netboot-images "Rebuild against debian-installer 20110106+squeeze4+b3">
<correction dtach "Properly handle close request (CVE-2012-3368)">
<correction ettercap "Fix hosts list parsing (CVE-2013-0722)">
<correction fglrx-driver "Fix diversion-related issues with upgrades from lenny">
<correction flashplugin-nonfree "Use gpg --verify">
<correction fusionforge "Lenny to squeeze upgrade fix">
<correction gmime2.2 "Add Conflicts: libgmime2.2-cil to fix upgrades from lenny">
<correction gzip "Avoid using memcpy on overlapping regions">
<correction ia32-libs "Update included packages from stable / security.d.o">
<correction ia32-libs-core "Update included packages from stable / security.d.o">
<correction kfreebsd-8 "Fix CVE-2012-4576: memory access without proper validation in linux compat system">
<correction libbusiness-onlinepayment-ippay-perl "Backport changes to IPPay gateway's server name and path">
<correction libproc-processtable-perl "Fix unsafe temporary file usage (CVE-2011-4363)">
<correction libzorpll "Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev">
<correction linux-2.6 "Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs">
<correction linux-kernel-di-amd64-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-armel-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-i386-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-ia64-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-mips-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-mipsel-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-powerpc-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-s390-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-sparc-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction magpierss "Fix upgrade issue">
<correction maradns "Fix CVE-2012-1570 (deleted domain record cache persistence flaw)">
<correction mediawiki "Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit">
<correction moodle "Multiple security fixes">
<correction nautilus "Add Breaks: samba-common (<< 2:3.5) to fix a lenny to squeeze upgrade issue">
<correction openldap "Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions">
<correction openssh "Improve DoS resistance (CVE-2010-5107)">
<correction pam-pgsql "Fix issue with NULL passwords">
<correction pam-shield "Correctly block IPs when allow_missing_dns is <q>no</q>">
<correction perl "Fix misparsing of maketext strings (CVE-2012-6329)">
<correction poppler "Security fixes; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; fix GooString::insert, correctly initialise variables">
<correction portmidi "Fix crash">
<correction postgresql-8.4 "New upstream micro-release">
<correction sdic "Move bzip2 from Suggests to Depends as it is used during installation">
<correction snack "Fix buffer overflow (CVE-2012-6303)">
<correction sphinx "Fix incompatibility with jQuery >= 1.4">
<correction swath "Fix potential buffer overflow in Mule mode">
<correction swi-prolog "Fix buffer overruns">
<correction ttf-ipafont "Fix removal of alternatives">
<correction tzdata "New upstream version; fix DST for America/Bahia (Brazil)">
<correction unbound "Update IP address hints for D.ROOT-SERVERS.NET">
<correction xen "Fix clock breakage">
<correction xnecview "Fix FTBFS on armel">
</table>
-----
<h2>Security Updates</h2>
<p>This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:</p>
<h2>Sicherheitsaktualisierungen</h2>
<p>Diese Revision fügt der Stable-Veröffentlichung die folgenden
Sicherheitsaktualisierungen hinzu. Das Sicherheits-Team hat bereits für jede
davon eine Ankündigung veröffentlicht:</p>
-----
<table border=0>
<tr><th>Advisory ID</th> <th>Package</th> <th>Correction(s)</th></tr>
<dsa 2012 2550 asterisk "Multiple issues">
<dsa 2012 2551 isc-dhcp "Denial of service">
<dsa 2012 2552 tiff "Multiple issues">
<dsa 2012 2553 iceweasel "Multiple issues">
<dsa 2012 2554 iceape "Multiple issues">
<dsa 2012 2555 libxslt "Multiple issues">
<dsa 2012 2556 icedove "Multiple issues">
<dsa 2012 2557 hostapd "Denial of service">
<dsa 2012 2558 bacula "Information disclosure">
<dsa 2012 2559 libexif "Multiple issues">
<dsa 2012 2560 bind9 "Denial of service">
<dsa 2012 2561 tiff "Buffer overflow">
<dsa 2012 2562 cups-pk-helper "Privilege escalation">
<dsa 2012 2563 viewvc "Multiple issues">
<dsa 2012 2564 tinyproxy "Denial of service">
<dsa 2012 2565 iceweasel "Multiple issues">
<dsa 2012 2566 exim4 "Heap overflow">
<dsa 2012 2567 request-tracker3.8 "Multiple issues">
<dsa 2012 2568 rtfm "Privilege escalation">
<dsa 2012 2569 icedove "Multiple issues">
<dsa 2012 2570 openoffice.org "Multiple issues">
<dsa 2012 2571 libproxy "Buffer overflow">
<dsa 2012 2572 iceape "Multiple issues">
<dsa 2012 2573 radsecproxy "SSL certificate verification weakness">
<dsa 2012 2574 typo3-src "Multiple issues">
<dsa 2012 2575 tiff "Heap overflow">
<dsa 2012 2576 trousers "Denial of service">
<dsa 2012 2577 libssh "Multiple issues">
<dsa 2012 2578 rssh "Multiple issues">
<dsa 2012 2579 apache2 "Multiple issues">
<dsa 2012 2580 libxml2 "Buffer overflow">
<dsa 2012 2582 xen "Denial of service">
<dsa 2012 2583 iceweasel "Multiple issues">
<dsa 2012 2584 iceape "Multiple issues">
<dsa 2012 2585 bogofilter "Heap-based buffer overflow">
<dsa 2012 2586 perl "Multiple issues">
<dsa 2012 2587 libcgi-pm-perl "HTTP header injection">
<dsa 2012 2588 icedove "Multiple issues">
<dsa 2012 2589 tiff "Buffer overflow">
<dsa 2012 2590 wireshark "Multiple issues">
<dsa 2012 2591 mahara "Multiple issues">
<dsa 2012 2592 elinks "Programming error">
<dsa 2012 2593 moin "Multiple issues">
<dsa 2012 2594 virtualbox-ose "Programming error">
<dsa 2012 2595 ghostscript "Buffer overflow">
<dsa 2012 2596 mediawiki-extensions "Cross-site scripting in RSSReader extension">
<dsa 2013 2597 rails "Input validation error">
<dsa 2013 2598 weechat "Multiple issues">
<dsa 2013 2599 nss "Mis-issued intermediates">
<dsa 2013 2600 cups "Privilege escalation">
<dsa 2013 2601 gnupg2 "Missing input sanitation">
<dsa 2013 2601 gnupg "Missing input sanitation">
<dsa 2013 2602 zendframework "XML external entity inclusion">
<dsa 2013 2603 emacs23 "Programming error">
<dsa 2013 2604 rails "Insufficient input validation">
<dsa 2013 2605 asterisk "Multiple issues">
<dsa 2013 2606 proftpd-dfsg "Symlink race">
<dsa 2013 2607 qemu-kvm "Buffer overflow">
<dsa 2013 2608 qemu "Buffer overflow">
<dsa 2013 2609 rails "SQL query manipulation">
<dsa 2013 2610 ganglia "Remote code execution">
<dsa 2013 2611 movabletype-opensource "Multiple issues">
<dsa 2013 2612 ircd-ratbox "Remote crash">
<dsa 2013 2613 rails "Insufficient input validation">
<dsa 2013 2614 libupnp "Multiple issues">
<dsa 2013 2615 libupnp4 "Multiple issues">
<dsa 2013 2616 nagios3 "Buffer overflow vulnerability">
<dsa 2013 2617 samba "Multiple issues">
<dsa 2013 2618 ircd-hybrid "Denial of service">
<dsa 2013 2619 xen-qemu-dm-4.0 "Buffer overflow">
<dsa 2013 2620 rails "Multiple issues">
<dsa 2013 2621 openssl "Multiple issues">
<dsa 2013 2622 polarssl "Multiple issues">
<dsa 2013 2623 openconnect "Buffer overflow">
<dsa 2013 2624 ffmpeg "Multiple issues">
<dsa 2013 2625 wireshark "Multiple issues">
<dsa 2013 2626 lighttpd "Multiple issues">
<dsa 2013 2627 nginx "Information leak">
</table>
-----
<h2>Debian Installer</h2>
The installer has been rebuilt to include the fixes incorporated into
stable by the point release.
<h2>Debian-Installer</h2>
<p>
Der Installer wurde neu gebaut, damit er die Fehlerkorrekturen enthält, welche
diese Zwischenveröffentlichung in Stable eingebracht hat.
</p>
-----
<h2>Removed packages</h2>
<p>The following packages were removed due to circumstances beyond our
control:</p>
<h2>Entfernte Pakete</h2>
<p>
Die folgenden Pakete wurden auf Grund von Umständen entfernt, die außerhalb
unserer Kontrolle liegen:
</p>
-----
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction elmerfem "License problems (GPL + non-GPL)">
</table>
<table border=0>
<tr><th>Paket</th> <th>Grund</th></tr>
<correction elmerfem "Lizenzprobleme (GPL + nicht-GPL)">
</table>
-----
<h2>URLs</h2>
<p>The complete lists of packages that have changed with this
revision:</p>
<h2>URLs</h2>
<p>Die vollständige Liste von Paketen, die sich mit dieser Revision geändert
haben:</p>
-----
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
-----
<p>The current stable distribution:</p>
<p>Die derzeitige Stable-Distribution:</p>
-----
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/";>
</div>
-----
<p>Proposed updates to the stable distribution:</p>
<p>Vorgeschlagene Aktualisierungen für die Stable-Distribution:</p>
-----
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates/";>
</div>
-----
<p>stable distribution information (release notes, errata etc.):</p>
<p>Informationen zur Stable-Distribution (Veröffentlichungshinweise, Errata
usw.):</p>
-----
<div class="center">
<a
href="$(HOME)/releases/stable/">http://www.debian.org/releases/stable/</a>
</div>
-----
<p>Security announcements and information:</p>
<p>Sicherheitsankündigungen und -informationen:</p>
-----
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
-----
<h2>About Debian</h2>
<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.</p>
<h2>Contact Information</h2>
<p>For further information, please visit the Debian web pages at <a
href="$(HOME)/">http://www.debian.org/</a>, send mail to
<press@debian.org>, or contact the stable release team at
<debian-release@lists.debian.org>.</p>
<h2>Über Debian</h2>
<p>Das Debian-Projekt ist eine Vereinigung von Entwicklern Freier Software,
die ihre Kraft und Zeit dafür opfern, das vollständig freie Betriebssystem
Debian zu erschaffen.</p>
<h2>Kontaktinformationen</h2>
<p>Für weitere Informationen besuchen Sie bitte die Debian-Webseiten unter
<a href="$(HOME)/">http://www.debian.org/</a>, schicken eine E-Mail an
<press@debian.org>, oder kontaktieren das Stable-Release-Team
auf Englisch über <debian-release@lists.debian.org>.</p>
Reply to: