-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 27-1        http://www.debian.org/
debian-release@lists.debian.org                              Philipp Kern
September 23rd, 2012
-------------------------------------------------------------------------

Upcoming Debian GNU/Linux 6.0 Update (6.0.6)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, September
29th, 2012. As of now it will include the following bug fixes. They
can be found in “squeeze-proposed-updates”, which is carried by all
official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:

Package                    Reason

alpine                     Fix crash in embedded UW-IMAP copy
apache2                    mod-negotiation - fix CVE-2012-2687; mod_cache - don't cache partial connections; read timeouts should result in a 408
automake1.10               Fix CVE-2012-3386
automake1.11               Fix CVE-2012-3386
automake1.7                Fix CVE-2012-3386
automake1.9                Fix CVE-2012-3386
base-files                 Update /etc/debian_version for the point release
checkgmail                 Fix GMail authentication issues
clamav                     New upstream release
debian-archive-keyring     Add wheezy stable and archive signing keys
dpkg                       Ensure a reliable unpack on SELinux systems
eglibc                     Really enable patches/any/cvs-dlopen-tls.diff; fix FORTIFY_SOURCE format string protection bypass; fix a DoS in RPC implementation
emesene                    Update contact end-point to local-bay.contacts.msn.com
geshi                      Fix "Local File Inclusion Vulnerability in contrib script"
gosa                       Security fix (missing escaping)
libconfig-inifiles-perl    Fix insecure temporary file use
libgc                      Check for integer overflow in internal malloc and calloc routines
libmtp                     Fix device flags for some devices; add support for new devices
libxslt                    Fix CVE-2011-1202, CVE-2011-3970, CVE-2012-2825
links2                     Security fixes
linux-2.6                  DRM fixes; leap second fix; security fixes; various driver fixes
lockfile-progs             Ensure the correct PID is used when creating lockfiles
mysql-mmm                  Add missing dependency on libpath-class-perl
network-manager            Stop allowing ad-hoc WPA networks to be created; kernel bugs mean they get created as open networks
nss-pam-ldapd              Support larger gecos values; reliability fixes
nvidia-graphics-drivers    Fix information leak in the kernel module; fix arbitrary memory access vulnerability; fix local privilege escalation through VGA window manipulation
nvidia-graphics-modules    Rebuild against 195.36.31-6squeeze1 kernel modules for security fixes; rebuild to fix CVE-2012-4225
php-memcached              Fix session.gc_maxlifetime handling
plymouth                   Fix the init script to not fail when the package is removed
policyd-weight             Remove rfc-ignorant.org RBLs (due to upcoming shutdown) and rbl.ipv6-world.net
postgresql-common          Do not remove the PID file after SIGKILLing the postmaster in the "last-ditch effort to shut down" in --force mode
powertop                   Fix segfault on newer kernels with large config files
publican                   Add missing dependency and build-dependency on libio-string-perl
rstatd                     Support Linux 3.X kernels
spip                       Fix base name disclosure; security fixes
tor                        New upstream; fix TLS 1.1/1.2 renegotiation with openssl 1.0.1; fix potential DOS; fix two crashes and an information disclosure issue
ttb                        Add missing dependency on python-glade2
vte                        Fix a memory exhaustion vulnerability
wims                       Fix installation problem
wireshark                  Fix crashes in ANSI A detector and pcap{,-ng} parsers
xserver-xorg-video-intel   UXA/glyphs: Fallback instead of crashing on large strings
yaws                       Fix RNG strength; fix mail config loading

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<http://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------
The following packages will be removed due to circumstances beyond our
control:

Package                    Reason

libtrash                   Unmaintained; broken
kcheckgmail                Unmaintained; broken by Google changes

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at “debian-release@lists.debian.org”.