1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
|
#use wml::debian::translation-check translation="1.3"
<define-tag pagetitle>Uppdaterad Debian 6.0: 6.0.7 utgiven</define-tag>
<define-tag release_date>2013-02-23</define-tag>
#use wml::debian::news
<define-tag release>6.0</define-tag>
<define-tag codename>squeeze</define-tag>
<define-tag revision>6.0.7</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
<p>Debianprojektet tillkännager stolt den sjunde uppdateringen av dess stabila
utgåva Debian <release> (med kodnamn <q><codename></q>). Denna uppdatering
lägger främst till rättningar för säkerhetsproblem till den stabila utgåvan,
tillsammans med några korrigeringar till några allvarliga problem.
Säkerhetsbulletiner har redan publicerats separat och refereras när dom finns
tillgängliga.</p>
<p>Vänligen notera att denna uppdatering inte innebär en ny version av Debian
<release> utan endast updaterar några av de inkluderade paketen. Det finns ingen
anledning att kasta bort <release>-CDs eller DVDs utan allt som behövs är att
uppdatera via en uppdaterad Debianspegling efter en installation, för att få
alla inaktuella paket uppdaterade.</p>
<p>Dom som frekvent installerar uppdateringar från security.debian.org kommer
inte att behöva uppdatera många paket och de flesta uppdateringar från
security.debian.org inkluderas i denna uppdatering.
</p>
<p>
Nya installationsmedia och CD- och DVD-avbildningar med uppdaterade paket
kommer att finnas tillgängliga snart på dom vanliga platserna.
</p>
<p>
En uppgradering online till denna revision görs vanligtvis genom att peka
paketverktyget aptitude eller apt (se manualsidan för sources.list(5)) mot
en av Debians många FTP eller HTTP-speglingar. En fullständig lista på
speglar finns på:
</p>
<div class="center">
<a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>
</div>
<h2>Diverse Felrättningar</h2>
<p>Denna uppdatering av den stabila utgåvan lägger till några viktiga
felrättningar till följande paket:</p>
<table border=0>
<tr><th>Paket</th> <th>Orsak</th></tr>
<correction apt-show-versions "Fix detection of squeeze-updates and squeeze; update official distribution list">
<correction base-files "Update for the point release">
<correction bcron "Don't allow jobs access to other jobs' temporary files">
<correction bind9 "Update IP for <q>D</q> root server">
<correction bugzilla "Add dependency on liburi-perl, used during package configuration">
<correction choose-mirror "Update URL for master mirror list">
<correction clamav "New upstream version">
<correction claws-mail "Fix NULL pointer dereference">
<correction clive "Adapt for youtube.com changes">
<correction cups "Ship cups-files.conf's manpage">
<correction dbus "Avoid code execution in setuid/setgid binaries">
<correction dbus-glib "Fix authentication bypass through insufficient checks (CVE-2013-0292)">
<correction debian-installer "Rebuild for 6.0.7">
<correction debian-installer-netboot-images "Rebuild against debian-installer 20110106+squeeze4+b3">
<correction dtach "Properly handle close request (CVE-2012-3368)">
<correction ettercap "Fix hosts list parsing (CVE-2013-0722)">
<correction fglrx-driver "Fix diversion-related issues with upgrades from lenny">
<correction flashplugin-nonfree "Use gpg --verify">
<correction fusionforge "Lenny to squeeze upgrade fix">
<correction gmime2.2 "Add Conflicts: libgmime2.2-cil to fix upgrades from lenny">
<correction gzip "Avoid using memcpy on overlapping regions">
<correction ia32-libs "Update included packages from stable / security.d.o">
<correction ia32-libs-core "Update included packages from stable / security.d.o">
<correction kfreebsd-8 "Fix CVE-2012-4576: memory access without proper validation in linux compat system">
<correction libbusiness-onlinepayment-ippay-perl "Backport changes to IPPay gateway's server name and path">
<correction libproc-processtable-perl "Fix unsafe temporary file usage (CVE-2011-4363)">
<correction libzorpll "Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev">
<correction linux-2.6 "Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs">
<correction linux-kernel-di-amd64-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-armel-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-i386-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-ia64-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-mips-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-mipsel-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-powerpc-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-s390-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction linux-kernel-di-sparc-2.6 "Rebuild against linux-2.6 2.6.32-48">
<correction magpierss "Fix upgrade issue">
<correction maradns "Fix CVE-2012-1570 (deleted domain record cache persistence flaw)">
<correction mediawiki "Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit">
<correction moodle "Multiple security fixes">
<correction nautilus "Add Breaks: samba-common (<< 2:3.5) to fix a lenny to squeeze upgrade issue">
<correction openldap "Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions">
<correction openssh "Improve DoS resistance (CVE-2010-5107)">
<correction pam-pgsql "Fix issue with NULL passwords">
<correction pam-shield "Correctly block IPs when allow_missing_dns is <q>no</q>">
<correction perl "Fix misparsing of maketext strings (CVE-2012-6329)">
<correction poppler "Security fixes; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; fix GooString::insert, correctly initialise variables">
<correction portmidi "Fix crash">
<correction postgresql-8.4 "New upstream micro-release">
<correction sdic "Move bzip2 from Suggests to Depends as it is used during installation">
<correction snack "Fix buffer overflow (CVE-2012-6303)">
<correction sphinx "Fix incompatibility with jQuery >= 1.4">
<correction swath "Fix potential buffer overflow in Mule mode">
<correction swi-prolog "Fix buffer overruns">
<correction ttf-ipafont "Fix removal of alternatives">
<correction tzdata "New upstream version; fix DST for America/Bahia (Brazil)">
<correction unbound "Update IP address hints for D.ROOT-SERVERS.NET">
<correction xen "Fix clock breakage">
<correction xnecview "Fix FTBFS on armel">
</table>
<h2>Säkerhetsuppdateringar</h2>
<p>
Denna revision lägger till följande säkerhetsuppgraderingar till den stabila
utgåvan. Säkerhetsgruppen har redan släppt bulletiner för följande
uppdateringar:
</p>
<table border=0>
<tr><th>Bulletin-ID</th> <th>Paket</th> <th>Rättning(ar)</th></tr>
<dsa 2012 2550 asterisk "Multiple issues">
<dsa 2012 2551 isc-dhcp "Denial of service">
<dsa 2012 2552 tiff "Multiple issues">
<dsa 2012 2553 iceweasel "Multiple issues">
<dsa 2012 2554 iceape "Multiple issues">
<dsa 2012 2555 libxslt "Multiple issues">
<dsa 2012 2556 icedove "Multiple issues">
<dsa 2012 2557 hostapd "Denial of service">
<dsa 2012 2558 bacula "Information disclosure">
<dsa 2012 2559 libexif "Multiple issues">
<dsa 2012 2560 bind9 "Denial of service">
<dsa 2012 2561 tiff "Buffer overflow">
<dsa 2012 2562 cups-pk-helper "Privilege escalation">
<dsa 2012 2563 viewvc "Multiple issues">
<dsa 2012 2564 tinyproxy "Denial of service">
<dsa 2012 2565 iceweasel "Multiple issues">
<dsa 2012 2566 exim4 "Heap overflow">
<dsa 2012 2567 request-tracker3.8 "Multiple issues">
<dsa 2012 2568 rtfm "Privilege escalation">
<dsa 2012 2569 icedove "Multiple issues">
<dsa 2012 2570 openoffice.org "Multiple issues">
<dsa 2012 2571 libproxy "Buffer overflow">
<dsa 2012 2572 iceape "Multiple issues">
<dsa 2012 2573 radsecproxy "SSL certificate verification weakness">
<dsa 2012 2574 typo3-src "Multiple issues">
<dsa 2012 2575 tiff "Heap overflow">
<dsa 2012 2576 trousers "Denial of service">
<dsa 2012 2577 libssh "Multiple issues">
<dsa 2012 2578 rssh "Multiple issues">
<dsa 2012 2579 apache2 "Multiple issues">
<dsa 2012 2580 libxml2 "Buffer overflow">
<dsa 2012 2582 xen "Denial of service">
<dsa 2012 2583 iceweasel "Multiple issues">
<dsa 2012 2584 iceape "Multiple issues">
<dsa 2012 2585 bogofilter "Heap-based buffer overflow">
<dsa 2012 2586 perl "Multiple issues">
<dsa 2012 2587 libcgi-pm-perl "HTTP header injection">
<dsa 2012 2588 icedove "Multiple issues">
<dsa 2012 2589 tiff "Buffer overflow">
<dsa 2012 2590 wireshark "Multiple issues">
<dsa 2012 2591 mahara "Multiple issues">
<dsa 2012 2592 elinks "Programming error">
<dsa 2012 2593 moin "Multiple issues">
<dsa 2012 2594 virtualbox-ose "Programming error">
<dsa 2012 2595 ghostscript "Buffer overflow">
<dsa 2012 2596 mediawiki-extensions "Cross-site scripting in RSSReader extension">
<dsa 2013 2597 rails "Input validation error">
<dsa 2013 2598 weechat "Multiple issues">
<dsa 2013 2599 nss "Mis-issued intermediates">
<dsa 2013 2600 cups "Privilege escalation">
<dsa 2013 2601 gnupg2 "Missing input sanitation">
<dsa 2013 2601 gnupg "Missing input sanitation">
<dsa 2013 2602 zendframework "XML external entity inclusion">
<dsa 2013 2603 emacs23 "Programming error">
<dsa 2013 2604 rails "Insufficient input validation">
<dsa 2013 2605 asterisk "Multiple issues">
<dsa 2013 2606 proftpd-dfsg "Symlink race">
<dsa 2013 2607 qemu-kvm "Buffer overflow">
<dsa 2013 2608 qemu "Buffer overflow">
<dsa 2013 2609 rails "SQL query manipulation">
<dsa 2013 2610 ganglia "Remote code execution">
<dsa 2013 2611 movabletype-opensource "Multiple issues">
<dsa 2013 2612 ircd-ratbox "Remote crash">
<dsa 2013 2613 rails "Insufficient input validation">
<dsa 2013 2614 libupnp "Multiple issues">
<dsa 2013 2615 libupnp4 "Multiple issues">
<dsa 2013 2616 nagios3 "Buffer overflow vulnerability">
<dsa 2013 2617 samba "Multiple issues">
<dsa 2013 2618 ircd-hybrid "Denial of service">
<dsa 2013 2619 xen-qemu-dm-4.0 "Buffer overflow">
<dsa 2013 2620 rails "Multiple issues">
<dsa 2013 2621 openssl "Multiple issues">
<dsa 2013 2622 polarssl "Multiple issues">
<dsa 2013 2623 openconnect "Buffer overflow">
<dsa 2013 2624 ffmpeg "Multiple issues">
<dsa 2013 2625 wireshark "Multiple issues">
<dsa 2013 2626 lighttpd "Multiple issues">
<dsa 2013 2627 nginx "Information leak">
</table>
<h2>Debianinstalleraren</h2>
<p>Installeraren har byggts om för att inkludera dessa felrättningar i stabila
punktutgåvan.</p>
<h2>Borttagna paket</h2>
<p>Följande paket har tagits bort på grund av omständigheter utom vår
kontroll:</p>
<table border=0>
<tr><th>Paket</th> <th>Orsak</th></tr>
<correction elmerfem "Licensproblem (GPL + icke-GPL)">
</table>
<h2>URLer</h2>
<p>
Den kompletta listan på paket som har förändrats i denna revision:
</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>Den nuvarande stabila utgåvan:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/">
</div>
<p>Förslagna uppdateringar till den stabila utgåvan:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates/">
</div>
<p>information om den stabila utgåvan (versionsfakta, kända problem etc.):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">http://www.debian.org/releases/stable/</a>
</div>
<p>Säkerhetsbulletiner och information:</p>
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
<h2>Om Debian</h2>
<p>Debianprojektet är en grupp av utvecklare av Fri mjukvara som donerar sin
tid och kraft för att producera det helt fria operativsystemet Debian.</p>
<h2>Kontaktinformation</h2>
<p>För mer information, besök Debians webbplats på <a
href="$(HOME)/">http://www.debian.org/</a>, skicka e-post till
<press@debian.org> (på engelska), eller kontakta gruppen för stabila utgåvor på
<debian-release@lists.debian.org> (på engelska).</p>
|
