[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SUA 31-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.7)

Debian Stable Updates Announcement SUA 31-1      http://www.debian.org/
debian-release@lists.debian.org                         Adam D. Barratt
February 18th, 2013

Upcoming Debian GNU/Linux 6.0 Update (6.0.7)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, February
23rd, 2013. As of now it will include the following bug fixes. They can
be found in “squeeze-proposed-updates”, which is carried by all official

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

    Package                               Reason

    apt-show-versions                     Fix detection of squeeze-updates and squeeze; update official distribution list
    base-files                            Update for the point release
    bcron                                 Don't allow jobs access to other jobs temporary files
    bind9                                 Update IP for "D" root server
    bugzilla                              Add dependency on liburi-perl, used during package configuration
    choose-mirror                         Update URL for master mirror list
    clamav                                New upstream version
    claws-mail                            Fix NULL pointer dereference
    clive                                 Adapt for youtube.com changes
    cups                                  Ship cups-files.conf's manpage
    dbus                                  Avoid code execution in setuid/setgid binaries
    dbus-glib                             Fix authentication bypass through insufficient checks (CVE-2013-0292)
    dtach                                 Properly handle close request (CVE-2012-3368)
    ettercap                              Fix hosts list parsing (CVE-2013-0722)
    fglrx-driver                          Fix diversion-related issues with upgrades from lenny
    flashplugin-nonfree                   Use gpg --verify
    fusionforge                           Lenny to squeeze upgrade fix
    gmime2.2                              Add Conflicts: libgmime2.2-cil to fix upgrades from lenny
    gzip                                  Avoid using memcpy on overlapping regions
    ia32-libs                             Update included packages from stable / security.d.o
    ia32-libs-core                        Update included packages from stable / security.d.o
    kfreebsd-8                            Fix CVE-2012-4576: memory access without proper validation in linux compat system
    libbusiness-onlinepayment-ippay-perl  Backport changes to IPPay gateway's server name and path
    libproc-processtable-perl             Fix unsafe temporary file usage (CVE-2011-4363)
    libzorpll                             Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev
    linux-2.6                             Update to stable release Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs
    magpierss                             Fix upgrade issue
    maradns                               Fix CVE-2012-1570 (deleted domain record cache persistence flaw)
    mediawiki                             Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit
    moodle                                Multiple security fixes
    nautilus                              Lenny to squeeze upgrade fix
    openldap                              Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions
    openssh                               Improve DoS resistance (CVE-2010-5107)
    pam-pgsql                             Fix issue with NULL passwords
    pam-shield                            Correctly block IPs when allow_missing_dns is "no"
    perl                                  Fix misparsing of maketext strings (CVE-2012-6329)
    poppler                               Security fixes; CVE-2010-0206/7,-4653; fix GooString::insert, correctly initialise variables
    portmidi                              Fix crash
    postgresql-8.4                        New upstream micro-release
    sdic                                  Move bzip2 suggestion to Depends as it is used during installation
    snack                                 Fix buffer overflow (CVE-2012-6303)
    sphinx                                Fix incompatibility with jQuery >= 1.4
    swath                                 Fix potential buffer overflow in Mule mode
    swi-prolog                            Fix buffer overruns
    ttf-ipafont                           Fix removal of alternatives
    tzdata                                New upstream version; fix DST for America/Bahia (Brazil)
    unbound                               Update IP address hints for D.ROOT-SERVERS.NET
    xen                                   Fix clock breakage
    xnecview                              Fix FTBFS on armel

A complete list of all accepted packages together with rationale is on
the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                    Reason

    elmerfem            License problems (GPL + non-GPL)

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at “debian-release@lists.debian.org”.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: