------------------------------------------------------------------------ Debian Stable Updates Announcement SUA 31-1 http://www.debian.org/ debian-release@lists.debian.org Adam D. Barratt February 18th, 2013 ------------------------------------------------------------------------ Upcoming Debian GNU/Linux 6.0 Update (6.0.7) An update to Debian GNU/Linux 6.0 is scheduled for Saturday, February 23rd, 2013. As of now it will include the following bug fixes. They can be found in “squeeze-proposed-updates”, which is carried by all official mirrors. Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through “squeeze-updates”. Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying “debian-release@lists.debian.org” on your mails. The point release will also include a rebuild of debian-installer. Miscellaneous Bugfixes ---------------------- This stable update adds a few important corrections to the following packages: Package Reason apt-show-versions Fix detection of squeeze-updates and squeeze; update official distribution list base-files Update for the point release bcron Don't allow jobs access to other jobs temporary files bind9 Update IP for "D" root server bugzilla Add dependency on liburi-perl, used during package configuration choose-mirror Update URL for master mirror list clamav New upstream version claws-mail Fix NULL pointer dereference clive Adapt for youtube.com changes cups Ship cups-files.conf's manpage dbus Avoid code execution in setuid/setgid binaries dbus-glib Fix authentication bypass through insufficient checks (CVE-2013-0292) dtach Properly handle close request (CVE-2012-3368) ettercap Fix hosts list parsing (CVE-2013-0722) fglrx-driver Fix diversion-related issues with upgrades from lenny flashplugin-nonfree Use gpg --verify fusionforge Lenny to squeeze upgrade fix gmime2.2 Add Conflicts: libgmime2.2-cil to fix upgrades from lenny gzip Avoid using memcpy on overlapping regions ia32-libs Update included packages from stable / security.d.o ia32-libs-core Update included packages from stable / security.d.o kfreebsd-8 Fix CVE-2012-4576: memory access without proper validation in linux compat system libbusiness-onlinepayment-ippay-perl Backport changes to IPPay gateway's server name and path libproc-processtable-perl Fix unsafe temporary file usage (CVE-2011-4363) libzorpll Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev linux-2.6 Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs magpierss Fix upgrade issue maradns Fix CVE-2012-1570 (deleted domain record cache persistence flaw) mediawiki Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit moodle Multiple security fixes nautilus Lenny to squeeze upgrade fix openldap Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions openssh Improve DoS resistance (CVE-2010-5107) pam-pgsql Fix issue with NULL passwords pam-shield Correctly block IPs when allow_missing_dns is "no" perl Fix misparsing of maketext strings (CVE-2012-6329) poppler Security fixes; CVE-2010-0206/7,-4653; fix GooString::insert, correctly initialise variables portmidi Fix crash postgresql-8.4 New upstream micro-release sdic Move bzip2 suggestion to Depends as it is used during installation snack Fix buffer overflow (CVE-2012-6303) sphinx Fix incompatibility with jQuery >= 1.4 swath Fix potential buffer overflow in Mule mode swi-prolog Fix buffer overruns ttf-ipafont Fix removal of alternatives tzdata New upstream version; fix DST for America/Bahia (Brazil) unbound Update IP address hints for D.ROOT-SERVERS.NET xen Fix clock breakage xnecview Fix FTBFS on armel A complete list of all accepted packages together with rationale is on the preparation page for this revision: <http://release.debian.org/proposed-updates/stable.html> Removed packages ---------------- The following packages will be removed due to circumstances beyond our control: Package Reason elmerfem License problems (GPL + non-GPL) If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at “debian-release@lists.debian.org”.
Attachment:
signature.asc
Description: This is a digitally signed message part