------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 31-1       http://www.debian.org/
debian-release@lists.debian.org                          Adam D. Barratt
February 18th, 2013
------------------------------------------------------------------------

Upcoming Debian GNU/Linux 6.0 Update (6.0.7)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, February
23rd, 2013. As of now it will include the following bug fixes. They can
be found in “squeeze-proposed-updates”, which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

    Package                               Reason
    -------                               ------

    apt-show-versions                     Fix detection of squeeze-updates and squeeze; update official distribution list
    base-files                            Update for the point release
    bcron                                 Don't allow jobs access to other jobs' temporary files
    bind9                                 Update IP for "D" root server
    bugzilla                              Add dependency on liburi-perl, used during package configuration
    choose-mirror                         Update URL for master mirror list
    clamav                                New upstream version
    claws-mail                            Fix NULL pointer dereference
    clive                                 Adapt for youtube.com changes
    cups                                  Ship cups-files.conf's manpage
    dbus                                  Avoid code execution in setuid/setgid binaries
    dbus-glib                             Fix authentication bypass through insufficient checks (CVE-2013-0292)
    dtach                                 Properly handle close request (CVE-2012-3368)
    ettercap                              Fix hosts list parsing (CVE-2013-0722)
    fglrx-driver                          Fix diversion-related issues with upgrades from lenny
    flashplugin-nonfree                   Use gpg --verify
    fusionforge                           Lenny to squeeze upgrade fix
    gmime2.2                              Add Conflicts: libgmime2.2-cil to fix upgrades from lenny
    gzip                                  Avoid using memcpy on overlapping regions
    ia32-libs                             Update included packages from stable / security.d.o
    ia32-libs-core                        Update included packages from stable / security.d.o
    kfreebsd-8                            Fix CVE-2012-4576: memory access without proper validation in linux compat system
    libbusiness-onlinepayment-ippay-perl  Backport changes to IPPay gateway's server name and path
    libproc-processtable-perl             Fix unsafe temporary file usage (CVE-2011-4363)
    libzorpll                             Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev
    linux-2.6                             Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs
    magpierss                             Fix upgrade issue
    maradns                               Fix CVE-2012-1570 (deleted domain record cache persistence flaw)
    mediawiki                             Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit
    moodle                                Multiple security fixes
    nautilus                              Lenny to squeeze upgrade fix
    openldap                              Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions
    openssh                               Improve DoS resistance (CVE-2010-5107)
    pam-pgsql                             Fix issue with NULL passwords
    pam-shield                            Correctly block IPs when allow_missing_dns is "no"
    perl                                  Fix misparsing of maketext strings (CVE-2012-6329)
    poppler                               Security fixes; CVE-2010-0206/7,-4653; fix GooString::insert, correctly initialise variables
    portmidi                              Fix crash
    postgresql-8.4                        New upstream micro-release
    sdic                                  Move bzip2 suggestion to Depends as it is used during installation
    snack                                 Fix buffer overflow (CVE-2012-6303)
    sphinx                                Fix incompatibility with jQuery >= 1.4
    swath                                 Fix potential buffer overflow in Mule mode
    swi-prolog                            Fix buffer overruns
    ttf-ipafont                           Fix removal of alternatives
    tzdata                                New upstream version; fix DST for America/Bahia (Brazil)
    unbound                               Update IP address hints for D.ROOT-SERVERS.NET
    xen                                   Fix clock breakage
    xnecview                              Fix FTBFS on armel

A complete list of all accepted packages together with rationale is on
the preparation page for this revision:

  <http://release.debian.org/proposed-updates/stable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

    Package                               Reason
    -------                               ------

    elmerfem                              License problems (GPL + non-GPL)

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at “debian-release@lists.debian.org”.