path: root/english/News/2013/20130223.wml
<define-tag pagetitle>Updated Debian 6.0: 6.0.7 released</define-tag>
<define-tag release_date>2013-02-23</define-tag>
#use wml::debian::news
# $Id:

<define-tag release>6.0</define-tag>
<define-tag codename>squeeze</define-tag>
<define-tag revision>6.0.7</define-tag>

<define-tag dsa>
    <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
        <td align="center"><:
    my @p = ();
    for my $p (split (/,\s*/, "%2")) {
	push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
    }
    print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>

<define-tag correction>
    <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td>              <td>%1</td></tr>
</define-tag>

<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>

<p>The Debian project is pleased to announce the seventh update of its
stable distribution Debian <release> (codename <q><codename></q>). 
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems.  Security advisories
were already published separately and are referenced where available.</p>

<p>Please note that this update does not constitute a new version of Debian
<release> but only updates some of the packages included.  There is
no need to throw away <release> CDs or DVDs; after an installation,
updating via an up-to-date Debian mirror will cause any out-of-date
packages to be updated.</p>

<p>Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.</p>

<p>New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.</p>

<p>Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:</p>

<div class="center">
  <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
</div>


<h2>Miscellaneous Bugfixes</h2>

<p>This stable update adds a few important corrections to the following
packages:</p>
<table border=0>
<tr><th>Package</th>                         <th>Reason</th></tr>
<correction apt-show-versions                "Fix detection of squeeze-updates and squeeze; update official distribution list">
<correction base-files                       "Update for the point release">
<correction bcron                            "Don't allow jobs access to other jobs' temporary files">
<correction bind9                            "Update IP for <q>D</q> root server">
<correction bugzilla                         "Add dependency on liburi-perl, used during package configuration">
<correction choose-mirror                    "Update URL for master mirror list">
<correction clamav                           "New upstream version">
<correction claws-mail                       "Fix NULL pointer dereference">
<correction clive                            "Adapt for youtube.com changes">
<correction cups                             "Ship cups-files.conf's manpage">
<correction dbus                             "Avoid code execution in setuid/setgid binaries">
<correction dbus-glib                        "Fix authentication bypass through insufficient checks (CVE-2013-0292)">
<correction debian-installer                 "Rebuild for 6.0.7">
<correction debian-installer-netboot-images  "Rebuild against debian-installer 20110106+squeeze4+b3">
<correction dtach                            "Properly handle close request (CVE-2012-3368)">
<correction ettercap                         "Fix hosts list parsing (CVE-2013-0722)">
<correction fglrx-driver                     "Fix diversion-related issues with upgrades from lenny">
<correction flashplugin-nonfree              "Use gpg --verify">
<correction fusionforge                      "Lenny to squeeze upgrade fix">
<correction gmime2.2                         "Add Conflicts: libgmime2.2-cil to fix upgrades from lenny">
<correction gzip                             "Avoid using memcpy on overlapping regions">
<correction ia32-libs                        "Update included packages from stable / security.d.o">
<correction ia32-libs-core                   "Update included packages from stable / security.d.o">
<correction kfreebsd-8                       "Fix CVE-2012-4576: memory access without proper validation in linux compat system">
<correction libbusiness-onlinepayment-ippay-perl "Backport changes to IPPay gateway's server name and path">
<correction libproc-processtable-perl        "Fix unsafe temporary file usage (CVE-2011-4363)">
<correction libzorpll                        "Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev">
<correction linux-2.6                        "Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs">
<correction linux-kernel-di-amd64-2.6        "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-armel-2.6        "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-i386-2.6         "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-ia64-2.6         "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-mips-2.6         "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-mipsel-2.6       "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-powerpc-2.6      "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-s390-2.6         "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-sparc-2.6        "Rebuild against linux-2.6 2.6.32-48">
<correction magpierss                        "Fix upgrade issue">
<correction maradns                          "Fix CVE-2012-1570 (deleted domain record cache persistence flaw)">
<correction mediawiki                        "Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit">
<correction moodle                           "Multiple security fixes">
<correction nautilus                         "Add Breaks: samba-common (<< 2:3.5) to fix a lenny to squeeze upgrade issue">
<correction openldap                         "Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions">
<correction openssh                          "Improve DoS resistance (CVE-2010-5107)">
<correction pam-pgsql                        "Fix issue with NULL passwords">
<correction pam-shield                       "Correctly block IPs when allow_missing_dns is <q>no</q>">
<correction perl                             "Fix misparsing of maketext strings (CVE-2012-6329)">
<correction poppler                          "Security fixes; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; fix GooString::insert, correctly initialise variables">
<correction portmidi                         "Fix crash">
<correction postgresql-8.4                   "New upstream micro-release">
<correction sdic                             "Move bzip2 from Suggests to Depends as it is used during installation">
<correction snack                            "Fix buffer overflow (CVE-2012-6303)">
<correction sphinx                           "Fix incompatibility with jQuery >= 1.4">
<correction swath                            "Fix potential buffer overflow in Mule mode">
<correction swi-prolog                       "Fix buffer overruns">
<correction ttf-ipafont                      "Fix removal of alternatives">
<correction tzdata                           "New upstream version; fix DST for America/Bahia (Brazil)">
<correction unbound                          "Update IP address hints for D.ROOT-SERVERS.NET">
<correction xen                              "Fix clock breakage">
<correction xnecview                         "Fix FTBFS on armel">
</table>

<h2>Security Updates</h2>


<p>This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:</p>

<table border=0>
<tr><th>Advisory ID</th>  <th>Package</th>    <th>Correction(s)</th></tr>


<dsa 2012 2550 asterisk                "Multiple issues">
<dsa 2012 2551 isc-dhcp                "Denial of service">
<dsa 2012 2552 tiff                    "Multiple issues">
<dsa 2012 2553 iceweasel               "Multiple issues">
<dsa 2012 2554 iceape                  "Multiple issues">
<dsa 2012 2555 libxslt                 "Multiple issues">
<dsa 2012 2556 icedove                 "Multiple issues">
<dsa 2012 2557 hostapd                 "Denial of service">
<dsa 2012 2558 bacula                  "Information disclosure">
<dsa 2012 2559 libexif                 "Multiple issues">
<dsa 2012 2560 bind9                   "Denial of service">
<dsa 2012 2561 tiff                    "Buffer overflow">
<dsa 2012 2562 cups-pk-helper          "Privilege escalation">
<dsa 2012 2563 viewvc                  "Multiple issues">
<dsa 2012 2564 tinyproxy               "Denial of service">
<dsa 2012 2565 iceweasel               "Multiple issues">
<dsa 2012 2566 exim4                   "Heap overflow">
<dsa 2012 2567 request-tracker3.8      "Multiple issues">
<dsa 2012 2568 rtfm                    "Privilege escalation">
<dsa 2012 2569 icedove                 "Multiple issues">
<dsa 2012 2570 openoffice.org          "Multiple issues">
<dsa 2012 2571 libproxy                "Buffer overflow">
<dsa 2012 2572 iceape                  "Multiple issues">
<dsa 2012 2573 radsecproxy             "SSL certificate verification weakness">
<dsa 2012 2574 typo3-src               "Multiple issues">
<dsa 2012 2575 tiff                    "Heap overflow">
<dsa 2012 2576 trousers                "Denial of service">
<dsa 2012 2577 libssh                  "Multiple issues">
<dsa 2012 2578 rssh                    "Multiple issues">
<dsa 2012 2579 apache2                 "Multiple issues">
<dsa 2012 2580 libxml2                 "Buffer overflow">
<dsa 2012 2582 xen                     "Denial of service">
<dsa 2012 2583 iceweasel               "Multiple issues">
<dsa 2012 2584 iceape                  "Multiple issues">
<dsa 2012 2585 bogofilter              "Heap-based buffer overflow">
<dsa 2012 2586 perl                    "Multiple issues">
<dsa 2012 2587 libcgi-pm-perl          "HTTP header injection">
<dsa 2012 2588 icedove                 "Multiple issues">
<dsa 2012 2589 tiff                    "Buffer overflow">
<dsa 2012 2590 wireshark               "Multiple issues">
<dsa 2012 2591 mahara                  "Multiple issues">
<dsa 2012 2592 elinks                  "Programming error">
<dsa 2012 2593 moin                    "Multiple issues">
<dsa 2012 2594 virtualbox-ose          "Programming error">
<dsa 2012 2595 ghostscript             "Buffer overflow">
<dsa 2012 2596 mediawiki-extensions    "Cross-site scripting in RSSReader extension">
<dsa 2013 2597 rails                   "Input validation error">
<dsa 2013 2598 weechat                 "Multiple issues">
<dsa 2013 2599 nss                     "Mis-issued intermediates">
<dsa 2013 2600 cups                    "Privilege escalation">
<dsa 2013 2601 gnupg2                  "Missing input sanitation">
<dsa 2013 2601 gnupg                   "Missing input sanitation">
<dsa 2013 2602 zendframework           "XML external entity inclusion">
<dsa 2013 2603 emacs23                 "Programming error">
<dsa 2013 2604 rails                   "Insufficient input validation">
<dsa 2013 2605 asterisk                "Multiple issues">
<dsa 2013 2606 proftpd-dfsg            "Symlink race">
<dsa 2013 2607 qemu-kvm                "Buffer overflow">
<dsa 2013 2608 qemu                    "Buffer overflow">
<dsa 2013 2609 rails                   "SQL query manipulation">
<dsa 2013 2610 ganglia                 "Remote code execution">
<dsa 2013 2611 movabletype-opensource  "Multiple issues">
<dsa 2013 2612 ircd-ratbox             "Remote crash">
<dsa 2013 2613 rails                   "Insufficient input validation">
<dsa 2013 2614 libupnp                 "Multiple issues">
<dsa 2013 2615 libupnp4                "Multiple issues">
<dsa 2013 2616 nagios3                 "Buffer overflow vulnerability">
<dsa 2013 2617 samba                   "Multiple issues">
<dsa 2013 2618 ircd-hybrid             "Denial of service">
<dsa 2013 2619 xen-qemu-dm-4.0         "Buffer overflow">
<dsa 2013 2620 rails                   "Multiple issues">
<dsa 2013 2621 openssl                 "Multiple issues">
<dsa 2013 2622 polarssl                "Multiple issues">
<dsa 2013 2623 openconnect             "Buffer overflow">
<dsa 2013 2624 ffmpeg                  "Multiple issues">
<dsa 2013 2625 wireshark               "Multiple issues">
<dsa 2013 2626 lighttpd                "Multiple issues">
<dsa 2013 2627 nginx                   "Information leak">

</table>

<h2>Debian Installer</h2>

<p>The installer has been rebuilt to include the fixes incorporated into
stable by the point release.</p>

<h2>Removed packages</h2>

<p>The following packages were removed due to circumstances beyond our
control:</p>


<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>

<correction elmerfem               "License problems (GPL + non-GPL)">
</table>

<h2>URLs</h2>

<p>The complete lists of packages that have changed with this
revision:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>

<p>The current stable distribution:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/stable/">
</div>

<p>Proposed updates to the stable distribution:</p>

<div class="center">
  <url "http://ftp.debian.org/debian/dists/proposed-updates/">
</div>

<p>Stable distribution information (release notes, errata etc.):</p>

<div class="center">
  <a
  href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
</div>

<p>Security announcements and information:</p>

<div class="center">
  <a href="$(HOME)/security/">http://security.debian.org/</a>
</div>


<h2>About Debian</h2>

<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.</p>


<h2>Contact Information</h2>

<p>For further information, please visit the Debian web pages at <a
href="$(HOME)/">https://www.debian.org/</a>, send mail to
&lt;press@debian.org&gt;, or contact the stable release team at 
&lt;debian-release@lists.debian.org&gt;.</p>
