[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SUA 45-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.9)

Debian Stable Updates Announcement SUA 45-1       http://www.debian.org/
debian-release@lists.debian.org                          Adam D. Barratt
February 10th, 2014

Upcoming Debian GNU/Linux 6.0 Update (6.0.9)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, February
15th, 2014. As of now it will include the following bug fixes. They can
be found in "squeeze-proposed-updates", which is carried by all official

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are
also already available through "squeeze-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying debian-release@lists.debian.org on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

    Package                       Reason

    apache2                       Fix CVE-2013-1862 (RewriteLog escaping), CVE-2013-1896 (mod_dav: denial of service via MERGE request), segfaults in certain error conditions
    base-files                    Update for the point release
    ia32-libs                     Update included packages from oldstable / security.d.o
    ia32-libs-gtk                 Update included packages from oldstable / security.d.o
    librsvg                       Fix CVE-2013-1881: disable loading of external entities
    localepurge                   Fix CVE-2014-1638 (insecure tempfile usage)
    mapserver                     Fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function
    openttd                       Fix CVE-2013-6411 (DoS)
    postgresql-8.4                New upstream micro-release
    spip                          Fix XSS on signature from author [CVE-2013-7303]
    suds                          Fix CVE-2013-2217
    tzdata                        New upstream release
    usemod-wiki                   Update hardcoded cookie expiration date from 2013 to 2025
    xfce4-weather-plugin          Update weather.com API URI

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages will be removed due to circumstances beyond our

    Package                    Reason

    iceape              Security support removed

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: