[SUA 39-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.8)

Debian Stable Updates Announcement SUA 39-1        http://www.debian.org/
debian-release@lists.debian.org                           Adam D. Barratt
October 14th, 2013

Upcoming Debian GNU/Linux 6.0 Update (6.0.8)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, October
19th, 2013. As of now it will include the following bug fixes. They can
be found in “squeeze-proposed-updates”, which is carried by all official

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

    Package                       Reason

    base-files                    Update version for point release
    clamav                        New upstream release; security fixes
    dpkg-ruby                     Close files once they're parsed, preventing trouble on dist-upgrades
    gdm3                          Fix potential security issue with partial upgrades to wheezy
    graphviz                      Use system ltdl
    grep                          Fix CVE-2012-5667
    ia32-libs                     Update included packages from oldstable / security.d.o
    ia32-libs-gtk                 Update included packages from oldstable / security.d.o
    inform                        Remove calls to update-alternatives
    ldap2dns                      Do not unnecessarily include /usr/share/debconf/confmodule in postinst
    libapache-mod-security        Fix NULL pointer dereference. CVE-2013-2765
    libmodule-signature-perl      CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE
    libopenid-ruby                Fix CVE-2013-1812
    libspf2                       IPv6 fixes
    lm-sensors-3                  Skip probing for EDID or graphics cards, as it might cause hardware issues
    moin                          Do not create empty pagedir (with empty edit-log)
    net-snmp                      Fix CVE-2012-2141
    openssh                       Fix potential int overflow when using gssapi-with-mac authentication (CVE-2011-5000)
    openvpn                       Fix use of non-constant-time memcmp in HMAC comparison. CVE-2013-2061
    pcp                           Fix insecure tempfile handling
    pigz                          Use more restrictive permissions for in-progress files
    policyd-weight                Remove shut-down njabl DNSBL
    pyopencl                      Remove non-free file from examples
    pyrad                         Use a better random number generator to prevent predictable password hashing and packet IDs (CVE-2013-0294)
    python-qt4                    Fix crash in uic file with radio buttons
    request-tracker3.8            Move non-cache data to /var/lib
    samba                         Fix CVE-2013-4124: Denial of service - CPU loop and memory allocation
    smarty                        Fix CVE-2012-4437
    spamassassin                  Remove shut-down njabl DNSBL; fix RCVD_ILLEGAL_IP to not consider as invalid
    sympa                         Fix endless loop in wwsympa while loading session data including metacharacters
    texlive-extra                 Fix predictable temp file names in latex2man
    tntnet                        Fix insecure default tntnet.conf
    tzdata                        New upstream version
    wv2                           Really remove src/generator/generator_wword{6,8}.htm
    xorg-server                   Link against -lbsd on kfreebsd to make MIT-SHM work with non-world-accessible segments
    xview                         Fix alternatives handling
    zabbix                        Fix SQL injection, zabbix_agentd DoS, possible path disclosure, field name parameter checking bypass, ability to override LDAP configuration when calling user.login via API
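The openvpn entry above (CVE-2013-2061) concerns comparing an HMAC tag with a routine that stops at the first differing byte. The following is an added illustration, not code from OpenVPN or from this announcement: it places an early-exit comparison next to a constant-time one and counts how many bytes each examines, so the timing dependence the fix removes is visible. The tag values, TAG_LEN, compare_tags and the step counter are all constructed for this example; production code should call a library constant-time compare rather than hand-rolling one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 32  /* constructed: length of a SHA-256 HMAC tag */

/* Early-exit comparison (the pattern a plain memcmp follows): stops at the
 * first differing byte, so the work done reveals how long the matching
 * prefix is. */
int early_exit_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: visits every byte and ORs the XOR differences
 * into an accumulator, so the work done is the same whether the tags match,
 * differ in the first byte, or differ only in the last. */
int constant_time_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Builds two constructed TAG_LEN-byte tags that differ only at byte
 * mismatch_at (identical if mismatch_at >= TAG_LEN), compares them with the
 * chosen routine and reports how many bytes were examined. */
int compare_tags(int use_constant_time, size_t mismatch_at, size_t *steps)
{
    uint8_t expected[TAG_LEN], received[TAG_LEN];
    for (size_t i = 0; i < TAG_LEN; i++) {
        expected[i] = (uint8_t)(0xA5 ^ i);   /* constructed sample tag */
        received[i] = expected[i];
    }
    if (mismatch_at < TAG_LEN)
        received[mismatch_at] ^= 0x01;       /* flip one bit of one byte */
    return use_constant_time
        ? constant_time_equal(expected, received, TAG_LEN, steps)
        : early_exit_equal(expected, received, TAG_LEN, steps);
}

int main(void)
{
    size_t pos[] = {0, 15, 31, TAG_LEN};
    for (size_t k = 0; k < 4; k++) {
        size_t s_ee, s_ct;
        int r_ee = compare_tags(0, pos[k], &s_ee);
        int r_ct = compare_tags(1, pos[k], &s_ct);
        printf("mismatch at %2zu: early-exit %d (%2zu bytes), constant-time %d (%2zu bytes)\n",
               pos[k], r_ee, s_ee, r_ct, s_ct);
    }
    return 0;
}
```

With the early-exit routine, a tag differing in byte 0 is rejected after one byte and one differing in byte 31 only after all 32, so the amount of work tracks the matching prefix; the constant-time routine examines all 32 bytes in every case and gives the same verdicts.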

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                    Reason

    irssi-plugin-otr    Security issues
    libpam-rsa          Broken, causes security problems

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at “debian-release@lists.debian.org”.

