-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 16-1        http://www.debian.org/
debian-release@lists.debian.org                              Philipp Kern
October 3rd, 2011
-------------------------------------------------------------------------

Upcoming Debian GNU/Linux 6.0 Update (6.0.3)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, October 8th,
2011. As of now it will include the following bug fixes. They can be
found in “squeeze-proposed-updates”, which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                       Reason

ace                           Rebuild to drop non-distributable files
akonadi                       Support the use of network-mounted $HOME
amispammer                    Update service used for discovering the local
                              IP address
apache2                       Fix CVE-2011-3348: Possible denial of service
                              in mod_proxy_ajp; various documentation and
                              init script fixes
aptitude                      Fix symlink attack in hierarchy editor
arcboot                       Fix netinstall on IP22 / IP32
atop                          Insecure use of temporary files
base-files                    Update /etc/debian_version for the point
                              release
brltty                        Fix parsing brltty= when not all parameters
                              are provided; setup gconf even if no table
                              was specified
clamav                        New upstream release; fix off-by-one and
                              "opcode 20 not implemented" errors
clive                         Adapt for youtube.com changes
conky                         Fix file overwrite vulnerability
ctdb                          Fix path to ethtool and activation of httpd
                              service
debian-installer-utils        Set SUDO_FORCE_REMOVE=yes to allow sudo-ldap
                              to be installed from d-i
deja-dup                      Explicitly pass environment to subprocesses
                              to ensure correct GPG operation on restores
dokuwiki                      RSS XSS security fix
dput                          Update backports configuration to use the new
                              .d.o hosts
drupal6                       Security fix for XSS in color module
firmware-nonfree              Add VIA VT6656, Realtek RTL8105E-1 and
                              RTL8168E-1/2/3 firmware
foo2zjs                       Fix insecure use of temporary file
freebsd-libs                  Move libsbuf.so.0 and libipx.so.2 to /lib
freebsd-utils                 Provide config files and init.d script for
                              devd; enable ieee80211 (wireless) in ifconfig
gajim                         Fix high CPU load on connection
gdebi                         Try to determine correct localized value for
                              "Y"
gdm3                          Only show shutdown options when requested;
                              fix double free; only set WINDOWPATH if not
                              NULL; remove beep in PAM dialog patch
git                           Fix off-by-one parsing commit subjects;
                              prevent deadlock when shallow-cloning;
                              documentation updates
grub-installer                Allow use of grub-legacy to be pre-seeded (if
                              appropriate)
grub2                         Handle Xen split-partition disk image
                              devices; ensure uniqueness of RAID array
                              numbers; fix grub-probe detection for ATA
                              devices using `ata' driver on kFreeBSD 9
heimdal                       Allow DES to be used with NFS
httpcomponents-client         Fix bug causing Proxy-Authorization header to
                              be passed to target hosts
ia32-libs                     Refresh packages from stable and security
ia32-libs-gtk                 Refresh packages from stable and security
ibid                          Fix various security issues; make the HTTP
                              source work again
ipmitool                      Fix segfault
kde4libs                      Prevent marked text being cut when switching
                              documents in kate
kfreebsd-8                    Fix net802.11 stack kernel memory disclosure
                              (CVE-2011-2480); merge backported if_msk
                              driver from 8-STABLE; re-enable building of
                              some modules
kfreebsd-kernel-di-amd64      Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
kfreebsd-kernel-di-i386       Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
krb5                          Permit gss_set_allowable_enctypes to restrict
                              acceptor enctypes, allowing newer clients to
                              use a squeeze nfs server without degrading
                              security for non-NFS applications
kupfer                        Don't crash if Evolution address book not
                              present
libpcap                       Fix corruption of snapshot length on live
                              captures; fix device detection when bonding
                              in use
lintian                       Fix information disclosure issues
linux-kernel-di-amd64-2.6     Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-armel-2.6     Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-i386-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-ia64-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-mips-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-mipsel-2.6    Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-powerpc-2.6   Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-s390-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
linux-kernel-di-sparc-2.6     Rebuild against linux-2.6 kernel 2.6.32-37
mesa                          GLX: suppress BadRequest from DRI2Connect
                              (expected for non-local clients)
mod-gnutls                    Fix segmentation faults
nagvis                        Install documentation; properly apply
                              FollowSymlinks; only call ucf if available
nss-pam-ldapd                 Fix uninitialised memory while parsing the
                              tls_ciphers; fix problem with partial
                              attribute name matches in DN; make all
                              strinumber buffers able to represent 64-bit
                              numbers; treat the "hard" value for
                              tls_reqcert as if it was "demand"
openarena                     Fix arbitrary code execution by malicious
                              bytecode
opencv                        Fix install path of opencv-doc; optimise i386
                              package for i486
openssh                       Quieten logs when multiple from= restrictions
                              are used in different authorized_keys lines
                              for the same key
openssl                       Fix CVE-2011-3210: SSL memory handling for
                              (EC)DH ciphersuites
pianobar                      Support XMLRPC API version 31
pmake                         Fix symlink attack via temporary files
postgresql-8.4                Fix regression due to 'fix plpgsql's issues
                              with dropped columns in rowtypes in 8.4
                              branch'
python-recaptcha              Update URLs for web service move to
                              google.com
quassel                       Fix DoS via CTCP
red5                          Add missing dependency on glassfish-javaee
sbcl                          Fix reference to undefined asdf::split in the
                              asdf-install module
shelldap                      Exit with a nicer error message if
                              IO::Socket::SSL isn't installed, but the user
                              is requesting SSL/TLS
system-tools-backends         Properly handle config file rename
tesseract                     Fix file overwrite vulnerability by disabling
                              xterm-based debug windows
typo3-src                     Fix cache flooding via improper error
                              handling
tzdata                        New upstream version
update-inetd                  Fix breakage with non-default inetd packages
usbutils                      Update USB ID list; build-depend on
                              libusb2-dev on kFreeBSD
user-mode-linux               Rebuild against linux-2.6 2.6.32-37
v86d                          Fix CVE-2011-1070: failure to validate
                              netlink message sender; do not include random
                              kernel headers in CFLAGS
vftool                        Fix a buffer overflow in linetoken() in
                              parseAFM.c
vte                           Fix DoS
widelands                     Fix network play on official maps (regression
                              introduced by previous update)
win32-loader                  Add Built-Using header; allow suite-specific
                              versions; document versions of embedded
                              software
xapian-omega                  Fix escaping issues in templates
zfsutils                      Update LSB init headers to ensure clean
                              startup/shutdown; add bash-completion script

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/proposed-updates/stable.html>

If there are any issues, please don't hesitate to get in touch with the
Debian Release Team at “debian-release@lists.debian.org”.