[SUA 22-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.4)

Debian Stable Updates Announcement SUA 22-1       http://www.debian.org/
debian-release@lists.debian.org                          Adam D. Barratt
January 22nd, 2012

Upcoming Debian GNU/Linux 6.0 Update (6.0.4)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, January
28th 2012.  As of now it will include the following bug fixes.  They can
be found in “squeeze-proposed-updates”, which is carried by all official

Please note that packages published through security.debian.org are not
listed, but will be included if possible.  Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated.  Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

    Package                       Reason

    adolc                         Remove Visual C++ runtime from windows/ directory
    backuppc                      Fix data corruption in tarballs due to logging to stdout and two XSS issues
    base-files                    Update /etc/debian_version for the point release
    base-installer                Add POWER7 to the powerpc64 family
    bti                           Fix identi.ca OAuth URLs
    byobu                         Correct postinst chmod semantics
    bzip2                         Fix CVE-2011-4089
    c-ares                        Fix encoded length for indirect root
    cherokee                      Avoid brute-forceable password in cherokee-admin
    cifs-utils                    Fix mtab corruption issues
    clamav                        New upstream version; fix potential DoS
    clamz                         Handle unencrypted amz files
    cpufrequtils                  Load powernow-k8 for AMD family 20 (i.e. AMD E-350 cpus); better support 3.0 kernels
    dpkg                          Add armhf to {os,triplet}table; defer hardlink renames; do not fail to unpack shared directories missing on the file system from packages being replaced by other packages
    eglibc                        New upstream stable release plus fixes from stable branch
    erlang                        Fix CVE-2011-0766 (cryptographic weakness) in the erlang ssh application
    etherape                      Null pointer dereferences
    gimp                          Fix printing when used with libcairo version 1.10 or above
    gnutls26                      Fix buffer overflow in gnutls_session_get_data()
    hplip                         Fix insecure use of temporary file
    ia32-libs                     Update packages
    ia32-libs-gtk                 Update packages
    ifupdown-extra                Handle moved location of ethtool; fix handling of "rejects" in static-route; use --tmpdir for temporary files; move /etc/network/network-routes to /e/n/routes; documentation updates
    iotop                         Give a helpful error instead of crashing when Linux denies permission to read the taskstats files
    jabberbot                     Bind callbacks after the roster has been initialised
    kernel-wedge                  Add et131x to nic-extra-modules; add isci to scsi-extra-modules; add xhci-hcd to usb-modules
    killer                        Use DNS for mail domain rather than NIS; stop cron job failing when package is removed
    ldap2zone                     Don't send mail on success; syslog instead
    libdata-formvalidator-perl    Fix possible passing of invalid data in untaint mode
    libdebian-installer           Detect IBM pSeries platform as powerpc/chrp_ibm
    libdigest-perl                Fix unsafe use of eval in Digest->new()
    libhtml-template-pro-perl     Fix XSS
    libjifty-dbi-perl             SQL injection
    libmtp                        Add support for Motorola Xoom devices
    libpar-packer-perl            Fix use of unsafe and predictable temporary directories
    libpar-perl                   Fix use of unsafe and predictable temporary directories
    linux-2.6                     Add stable releases, fix xen and tg3 regressions, various fixes
    linux-kernel-di-amd64-2.6     Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-armel-2.6     Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-i386-2.6      Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-ia64-2.6      Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-mips-2.6      Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-mipsel-2.6    Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-powerpc-2.6   Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-s390-2.6      Rebuild against linux-2.6 kernel 2.6.32-41
    linux-kernel-di-sparc-2.6     Rebuild against linux-2.6 kernel 2.6.32-41
    masqmail                      Fix improper seteuid() calls
    mdadm                         Quieten some cron messages; don't break when no scheduling class is specified or no devices are active; LSB header updates
    mediawiki                     Fix unintended exposure of hidden content through cache pollution; disable CVE-2011-4360.patch; doesn't apply to this version and causes errors
    module-init-tools             Support 3.0 kernels
    multipath-tools               Change HP hardware handler to hp_sw; update man pages
    mutt                          Fix validation of commonname (gnutls)
    nfs-utils                     Allow negotiated enctypes to be limited; avoid corrupting mtab
    nginx                         Fix compression pointer processing in DNS response greater than 255 bytes
    nss-pam-ldapd                 Correctly parse /etc/nsswitch.conf, detect calling process identity and fix disconnect logic
    partman-target                Stop treating ISO hybrid images on USB sticks as real optical drives
    pastebinit                    Fix support for user configuration files
    pbuilder                      Rename the /run script from --execute to /runscript, for compatibility with wheezy and later which have /run as a directory replacing /var/run
    perl                          Unregister signal handler before destroying my_perl; fixes segfault; minor security fixes
    phppgadmin                    Fix XSS
    pidgin                        Fix remote crash issues
    postgresql-8.4                New upstream micro-release
    pure-ftpd                     Fix man in the middle attack on encrypted sessions
    python-debian                 Allow ':' as the first character of a value
    python3-defaults              Ignore binary files while checking shebangs
    qemu-kvm                      Fix NIC hotplug from libvirt
    quassel                       Fix missing translations
    recoll                        Plug conversion descriptor leak in unac.c::convert() error path
    rng-tools                     Work around VIA Nano xstore bug; add 3.0 kernel support
    rpm                           Fix malformed header parsing
    samba                         Allow using unencrypted passwords with Windows clients with KB2536276 installed
    shorewall                     Install missing /usr/share/shorewall/helpers
    shorewall-lite                Install missing /usr/share/shorewall/helpers
    shorewall6                    Install missing /usr/share/shorewall/helpers
    shorewall6-lite               Install missing /usr/share/shorewall/helpers
    slbackup                      Fix path to configuration file in the cron job
    slbackup-php                  Fix login issues, deal with blanks in filenames, fix last failed timestamp
    tinyproxy                     Validate port number specified in configuration
    tzdata                        New upstream version
    user-mode-linux               Rebuild against linux-source-2.6.32 (2.6.32-41)
    webkit                        Avoid doing lots of needless NULL DNS lookups
    whatsnewfm                    Handle renaming of freshmeat to freshcode
    xorg-server                   GLX: add missing input sanitization; fix a file disclosure vulnerability and a file permission change vulnerability
    xpdf                          Fix insecure temporary file usage

A complete list of all accepted packages together with rationale is on
the preparation page for this revision:


If there are any issues, please don't hesitate to get in touch with the
Debian Release Team at “debian-release@lists.debian.org”.
