[SUA 45-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.9)

To: debian-stable-announce@lists.debian.org
Subject: [SUA 45-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.9)
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 10 Feb 2014 20:53:50 +0000
Message-id: <[🔎] 1392065630.25203.11.camel@jacala.jungle.funky-badger.org>
Mail-followup-to: debian-release@lists.debian.org
Reply-to: debian-release@lists.debian.og

-------------------------------------------------------------------------
Debian Stable Updates Announcement SUA 45-1       http://www.debian.org/
debian-release@lists.debian.org                          Adam D. Barratt
February 10th, 2014
-------------------------------------------------------------------------

Upcoming Debian GNU/Linux 6.0 Update (6.0.9)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, February
15th, 2014. As of now it will include the following bug fixes. They can
be found in "squeeze-proposed-updates", which is carried by all official
mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "squeeze-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@lists.debian.org on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

    Package                       Reason

    apache2                       Fix CVE-2013-1862 (RewriteLog escaping), CVE-2013-1896 (mod_dav: denial of service via MERGE request), segfaults in certain error conditions
    base-files                    Update for the point release
    ia32-libs                     Update included packages from oldstable / security.d.o
    ia32-libs-gtk                 Update included packages from oldstable / security.d.o
    librsvg                       Fix CVE-2013-1881: disable loading of external entities
    localepurge                   Fix CVE-2014-1638 (insecure tempfile usage)
    mapserver                     Fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function
    openttd                       Fix CVE-2013-6411 (DoS)
    postgresql-8.4                New upstream micro-release
    spip                          Fix XSS on signature from author [CVE-2013-7303]
    suds                          Fix CVE-2013-2217
    tzdata                        New upstream release
    usemod-wiki                   Update hardcoded cookie expiration date from 2013 to 2025
    xfce4-weather-plugin          Update weather.com API URI

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/proposed-updates/oldstable.html>

Removed packages
----------------

The following packages will be removed due to circumstances beyond our
control:

    Package                    Reason

    iceape              Security support removed


If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SUA 44-1] Upcoming Debian GNU/Linux 7 Update (7.4)
Next by Date: [SUA 46-1] Updated certificatepatrol version
Previous by thread: [SUA 44-1] Upcoming Debian GNU/Linux 7 Update (7.4)
Next by thread: [SUA 46-1] Updated certificatepatrol version
Index(es):
- Date
- Thread