------------------------------------------------------------------------- Debian Stable Updates Announcement SUA 45-1 http://www.debian.org/ debian-release@lists.debian.org Adam D. Barratt February 10th, 2014 ------------------------------------------------------------------------- Upcoming Debian GNU/Linux 6.0 Update (6.0.9) An update to Debian GNU/Linux 6.0 is scheduled for Saturday, February 15th, 2014. As of now it will include the following bug fixes. They can be found in "squeeze-proposed-updates", which is carried by all official mirrors. Please note that packages published through security.debian.org are not listed, but will be included if possible. Some of the updates below are also already available through "squeeze-updates". Testing and feedback would be appreciated. Bugs should be filed in the Debian Bug Tracking System, but please make the Release Team aware of them by copying debian-release@lists.debian.org on your mails. The point release will also include a rebuild of debian-installer. Miscellaneous Bugfixes ---------------------- This oldstable update adds a few important corrections to the following packages: Package Reason apache2 Fix CVE-2013-1862 (RewriteLog escaping), CVE-2013-1896 (mod_dav: denial of service via MERGE request), segfaults in certain error conditions base-files Update for the point release ia32-libs Update included packages from oldstable / security.d.o ia32-libs-gtk Update included packages from oldstable / security.d.o librsvg Fix CVE-2013-1881: disable loading of external entities localepurge Fix CVE-2014-1638 (insecure tempfile usage) mapserver Fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function openttd Fix CVE-2013-6411 (DoS) postgresql-8.4 New upstream micro-release spip Fix XSS on signature from author [CVE-2013-7303] suds Fix CVE-2013-2217 tzdata New upstream release usemod-wiki Update hardcoded cookie expiration date from 2013 to 2025 xfce4-weather-plugin Update weather.com API URI A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: <http://release.debian.org/proposed-updates/oldstable.html> Removed packages ---------------- The following packages will be removed due to circumstances beyond our control: Package Reason iceape Security support removed If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org.
Attachment:
signature.asc
Description: This is a digitally signed message part