23.02.2013 20:58, ????? ???????? ?????:
> good
>
>
> 2013/2/23 Francesca Ciceri <madame...@debian.org>
>
> ------------------------------------------------------------------------
> The Debian Project                                http://www.debian.org/
> Updated Debian 6.0: 6.0.7 released                      pr...@debian.org
> February 23rd, 2013             http://www.debian.org/News/2013/20130223
> ------------------------------------------------------------------------
>
>
> The Debian project is pleased to announce the seventh update of its
> stable distribution Debian 6.0 (codename "squeeze"). This update mainly
> adds corrections for security problems to the stable release, along with
> a few adjustments for serious problems. Security advisories were already
> published separately and are referenced where available.
>
> Please note that this update does not constitute a new version of Debian
> 6.0 but only updates some of the packages included. There is no need to
> throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
> mirror after an installation, to cause any out of date packages to be
> updated.
>
> Those who frequently install updates from security.debian.org won't have
> to update many packages and most updates from security.debian.org are
> included in this update.
>
> New installation media and CD and DVD images containing updated packages
> will be available soon at the regular locations.
>
> Upgrading to this revision online is usually done by pointing the
> aptitude (or apt) package tool (see the sources.list(5) manual page) to
> one of Debian's many FTP or HTTP mirrors. A comprehensive list of
> mirrors is available at:
>
> http://www.debian.org/mirror/list
>
>
>
> Miscellaneous Bugfixes
> ----------------------
>
> This stable update adds a few important corrections to the following
> packages:
>
> Package                               Reason
>
> apt-show-versions                     Fix detection of squeeze-updates and
>                                       squeeze; update official
>                                       distribution list
> base-files                            Update for the point release
> bcron                                 Don't allow jobs access to other
>                                       jobs' temporary files
> bind9                                 Update IP for "D" root server
> bugzilla                              Add dependency on liburi-perl, used
>                                       during package configuration
> choose-mirror                         Update URL for master mirror list
> clamav                                New upstream version
> claws-mail                            Fix NULL pointer dereference
> clive                                 Adapt for youtube.com changes
> cups                                  Ship cups-files.conf's manpage
> dbus                                  Avoid code execution in
>                                       setuid/setgid binaries
> dbus-glib                             Fix authentication bypass through
>                                       insufficient checks (CVE-2013-0292)
> debian-installer                      Rebuild for 6.0.7
> debian-installer-netboot-images       Rebuild against debian-installer
>                                       20110106+squeeze4+b3
> dtach                                 Properly handle close request
>                                       (CVE-2012-3368)
> ettercap                              Fix hosts list parsing
>                                       (CVE-2013-0722)
> fglrx-driver                          Fix diversion-related issues with
>                                       upgrades from lenny
> flashplugin-nonfree                   Use gpg --verify
> fusionforge                           Lenny to squeeze upgrade fix
> gmime2.2                              Add Conflicts: libgmime2.2-cil to
>                                       fix upgrades from lenny
> gzip                                  Avoid using memcpy on overlapping
>                                       regions
> ia32-libs                             Update included packages from
>                                       stable / security.d.o
> ia32-libs-core                        Update included packages from
>                                       stable / security.d.o
> kfreebsd-8                            Fix CVE-2012-4576: memory access
>                                       without proper validation in linux
>                                       compat system
> libbusiness-onlinepayment-ippay-perl  Backport changes to IPPay gateway's
>                                       server name and path
> libproc-processtable-perl             Fix unsafe temporary file usage
>                                       (CVE-2011-4363)
> libzorpll                             Add missing Breaks/Replaces:
>                                       libzorp2-dev to libzorpll-dev
> linux-2.6                             Update to stable release 2.6.32.60.
>                                       Backport hpsa, isci and megaraid_sas
>                                       driver updates. Fix r8169 hangs
> linux-kernel-di-amd64-2.6             Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-armel-2.6             Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-i386-2.6              Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-ia64-2.6              Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-mips-2.6              Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-mipsel-2.6            Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-powerpc-2.6           Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-s390-2.6              Rebuild against linux-2.6 2.6.32-48
> linux-kernel-di-sparc-2.6             Rebuild against linux-2.6 2.6.32-48
> magpierss                             Fix upgrade issue
> maradns                               Fix CVE-2012-1570 (deleted domain
>                                       record cache persistence flaw)
> mediawiki                             Prevent session fixation in
>                                       Special:UserLogin (CVE-2012-5391);
>                                       prevent linker regex from exceeding
>                                       backtrack limit
> moodle                                Multiple security fixes
> nautilus                              Add Breaks: samba-common (<< 2:3.5)
>                                       to fix a lenny to squeeze upgrade
>                                       issue
> openldap                              Dump the database in prerm on
>                                       upgrades to help upgrades to
>                                       releases with newer libdb versions
> openssh                               Improve DoS resistance
>                                       (CVE-2010-5107)
> pam-pgsql                             Fix issue with NULL passwords
> pam-shield                            Correctly block IPs when
>                                       allow_missing_dns is "no"
> perl                                  Fix misparsing of maketext strings
>                                       (CVE-2012-6329)
> poppler                               Security fixes; CVE-2010-0206,
>                                       CVE-2010-0207, CVE-2012-4653; fix
>                                       GooString::insert, correctly
>                                       initialise variables
> portmidi                              Fix crash
> postgresql-8.4                        New upstream micro-release
> sdic                                  Move bzip2 from Suggests to Depends
>                                       as it is used during installation
> snack                                 Fix buffer overflow (CVE-2012-6303)
> sphinx                                Fix incompatibility with
>                                       jQuery >= 1.4
> swath                                 Fix potential buffer overflow in
>                                       Mule mode
> swi-prolog                            Fix buffer overruns
> ttf-ipafont                           Fix removal of alternatives
> tzdata                                New upstream version; fix DST for
>                                       America/Bahia (Brazil)
> unbound                               Update IP address hints for
>                                       D.ROOT-SERVERS.NET
> xen                                   Fix clock breakage
> xnecview                              Fix FTBFS on armel
>
>
>
> Security Updates
> ----------------
>
> This revision adds the following security updates to the stable release.
> The Security Team has already released an advisory for each of these
> updates:
>
> Advisory ID Package                 Correction(s)
>
> DSA-2550    asterisk                Multiple issues
> DSA-2551    isc-dhcp                Denial of service
> DSA-2552    tiff                    Multiple issues
> DSA-2553    iceweasel               Multiple issues
> DSA-2554    iceape                  Multiple issues
> DSA-2555    libxslt                 Multiple issues
> DSA-2556    icedove                 Multiple issues
> DSA-2557    hostapd                 Denial of service
> DSA-2558    bacula                  Information disclosure
> DSA-2559    libexif                 Multiple issues
> DSA-2560    bind9                   Denial of service
> DSA-2561    tiff                    Buffer overflow
> DSA-2562    cups-pk-helper          Privilege escalation
> DSA-2563    viewvc                  Multiple issues
> DSA-2564    tinyproxy               Denial of service
> DSA-2565    iceweasel               Multiple issues
> DSA-2566    exim4                   Heap overflow
> DSA-2567    request-tracker3.8      Multiple issues
> DSA-2568    rtfm                    Privilege escalation
> DSA-2569    icedove                 Multiple issues
> DSA-2570    openoffice.org          Multiple issues
> DSA-2571    libproxy                Buffer overflow
> DSA-2572    iceape                  Multiple issues
> DSA-2573    radsecproxy             SSL certificate verification weakness
> DSA-2574    typo3-src               Multiple issues
> DSA-2575    tiff                    Heap overflow
> DSA-2576    trousers                Denial of service
> DSA-2577    libssh                  Multiple issues
> DSA-2578    rssh                    Multiple issues
> DSA-2579    apache2                 Multiple issues
> DSA-2580    libxml2                 Buffer overflow
> DSA-2582    xen                     Denial of service
> DSA-2583    iceweasel               Multiple issues
> DSA-2584    iceape                  Multiple issues
> DSA-2585    bogofilter              Heap-based buffer overflow
> DSA-2586    perl                    Multiple issues
> DSA-2587    libcgi-pm-perl          HTTP header injection
> DSA-2588    icedove                 Multiple issues
> DSA-2589    tiff                    Buffer overflow
> DSA-2590    wireshark               Multiple issues
> DSA-2591    mahara                  Multiple issues
> DSA-2592    elinks                  Programming error
> DSA-2593    moin                    Multiple issues
> DSA-2594    virtualbox-ose          Programming error
> DSA-2595    ghostscript             Buffer overflow
> DSA-2596    mediawiki-extensions    Cross-site scripting in RSSReader extension
> DSA-2597    rails                   Input validation error
> DSA-2598    weechat                 Multiple issues
> DSA-2599    nss                     Mis-issued intermediates
> DSA-2600    cups                    Privilege escalation
> DSA-2601    gnupg2                  Missing input sanitation
> DSA-2601    gnupg                   Missing input sanitation
> DSA-2602    zendframework           XML external entity inclusion
> DSA-2603    emacs23                 Programming error
> DSA-2604    rails                   Insufficient input validation
> DSA-2605    asterisk                Multiple issues
> DSA-2606    proftpd-dfsg            Symlink race
> DSA-2607    qemu-kvm                Buffer overflow
> DSA-2608    qemu                    Buffer overflow
> DSA-2609    rails                   SQL query manipulation
> DSA-2610    ganglia                 Remote code execution
> DSA-2611    movabletype-opensource  Multiple issues
> DSA-2612    ircd-ratbox             Remote crash
> DSA-2613    rails                   Insufficient input validation
> DSA-2614    libupnp                 Multiple issues
> DSA-2615    libupnp4                Multiple issues
> DSA-2616    nagios3                 Buffer overflow vulnerability
> DSA-2617    samba                   Multiple issues
> DSA-2618    ircd-hybrid             Denial of service
> DSA-2619    xen-qemu-dm-4.0         Buffer overflow
> DSA-2620    rails                   Multiple issues
> DSA-2621    openssl                 Multiple issues
> DSA-2622    polarssl                Multiple issues
> DSA-2623    openconnect             Buffer overflow
> DSA-2624    ffmpeg                  Multiple issues
> DSA-2625    wireshark               Multiple issues
> DSA-2626    lighttpd                Multiple issues
> DSA-2627    nginx                   Information leak
>
>
> Debian Installer
> ----------------
>
> The installer has been rebuilt to include the fixes incorporated into
> stable by the point release.
>
> Removed packages
> ----------------
>
> The following packages were removed due to circumstances beyond our
> control:
>
> Package                               Reason
>
> elmerfem                              License problems (GPL + non-GPL)
>
>
> URLs
> ----
>
> The complete lists of packages that have changed with this revision:
>
> http://ftp.debian.org/debian/dists/squeeze/ChangeLog
>
>
> The current stable distribution:
>
> http://ftp.debian.org/debian/dists/stable/
>
>
> Proposed updates to the stable distribution:
>
> http://ftp.debian.org/debian/dists/proposed-updates/
>
>
> stable distribution information (release notes, errata etc.):
>
> http://www.debian.org/releases/stable/
>
>
> Security announcements and information:
>
> http://security.debian.org/
>
>
> About Debian
> ------------
>
> The Debian Project is an association of Free Software developers who
> volunteer their time and effort in order to produce the completely free
> operating system Debian.
>
>
> Contact Information
> -------------------
>
> For further information, please visit the Debian web pages at
> http://www.debian.org/, send mail to <pr...@debian.org>, or contact the
> stable release team at <debian-rele...@lists.debian.org>.
>
>
>
>
> --
> Fedor Elizarov
> web
> http://www.blogdron.blogspot.co.uk/
>
> e-mail
> YmxvZ2Ryb25AZ21haWwuY29tCg==
>
> icq
> NDc2MDQxMzA0Cg==
>
> jabber
> YmxvZ2Ryb25AY2xpbW0ub3JnCg==
>
> p.s base64 -d ? ??? ?? ??????? ??? ?? ? ?)