[RAS] [joey at infodrom.org: Debian GNU/Linux 5.0 updated]
Christian Zimmermann
christian.zimmermann at uconn.edu
Sun Jan 31 02:11:26 CST 2010
Not now. I am not in the US to push the button.
Christian Zimmermann FIGUGEGL!
Department of Economics
University of Connecticut
341 Mansfield Road, Unit 1063
Storrs, CT 06269-1063
http://ideas.repec.org/zimm/ christian.zimmermann at uconn.edu
http://ideas.repec.org/e/pzi1.html
On Sat, 30 Jan 2010, Thomas Krichel wrote:
>
> When do we update?
>
>
> ----- Forwarded message from Joey Schulze <joey at infodrom.org> -----
>
> From: Joey Schulze <joey at infodrom.org>
> To: Debian Announcements <debian-announce at lists.debian.org>
> Subject: Debian GNU/Linux 5.0 updated
>
> -------------------------------------------------------------------------
> The Debian Project              http://www.debian.org/
> Debian GNU/Linux 5.0 updated    press at debian.org
> January 30th, 2010              http://www.debian.org/News/2010/20100130
> -------------------------------------------------------------------------
>
> Debian GNU/Linux 5.0 updated
>
> The Debian project is pleased to announce the fourth update of its stable
> distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly
> adds corrections for security problems to the stable release, along with
> a few adjustments for serious problems.
>
> Please note that this update does not constitute a new version of Debian
> GNU/Linux 5.0 but only updates some of the packages included. There is
> no need to throw away 5.0 CDs or DVDs but only to update via an up-to-
> date Debian mirror after an installation, to cause any out of date
> packages to be updated.
>
> Those who frequently install updates from security.debian.org won't have
> to update many packages and most updates from security.debian.org are
> included in this update.
>
> New CD and DVD images containing updated packages and the regular
> installation media accompanied with the package archive respectively will
> be available soon at the regular locations.
>
> Upgrading to this revision online is usually done by pointing the
> aptitude (or apt) package tool (see the sources.list(5) manual page) to
> one of Debian's many FTP or HTTP mirrors. A comprehensive list of
> mirrors is available at:
>
> <http://www.debian.org/distrib/ftplist>
>
>
> Miscellaneous Bugfixes
> ----------------------
>
> This stable update adds a few important corrections to the following packages:
>
> Package                      Reason
>
> alien-arena                  Fix remote arbitrary code execution
> amarok                       Apply regex update to make Wikipedia tab work again
> apache2                      Several issues
> backup-manager               Fix possible mysql password leakage to local users
> backuppc                     Prohibit editing of client name alias to avoid unauthorised file access
> base-files                   Update /etc/debian_version to reflect the point release
> choose-mirror                Improve suite selection and validation of suites available on selected mirror
> clock-setup                  Correctly handle system dates before epoch
> consolekit                   Don't create pam-foreground-compat tag files for remote users
> debmirror                    Compress packages files using --rsyncable so they match the files from the archive
> devscripts                   Update a number of scripts to understand squeeze and lenny-backports
> dhcp3                        Fix memory leak and SIGPIPE in LDAP code
> dpkg                         Various fixes to new source package format support
> drupal6                      Fix XSS issues in Contact and Menu modules
> fam                          Fix 100% CPU usage in famd
> fetchmail                    Fix init script dependencies; don't complain about missing configuration when disabled
> firebird2.0                  Fix DOS via malformed message
> gchempaint                   Fix segmentation fault
> gdebi                        Fix gksu call to not pass an option that the Debian package doesn't support
> geneweb                      Correctly handle database with names containing whitespace in the postinst
> ghc6                         Fix deadlock bug on 64-bit architectures
> glib2.0                      Fix g_file_copy to correctly set permissions of target files
> glibc                        Fix bug in realloc() when enlarging a memory allocation
> gnash                        Reduce messages produced by the browser plugin to avoid filling .xsession-errors
> gnome-system-tools           Don't change root's home directory when editing the user and fix group creation dialog
> haproxy                      Several stability and crash fixes
> kazehakase                   Disallow adding bookmarks for data:/javascript: URIs (CVE-2007-1084)
> killer                       Correctly handle long usernames in the ruser field
> libcgi-pm-perl               Fix unwanted ISO-8859-1 -> UTF-8 conversion in CGI::Util::escape()
> libdbd-mysql-perl            Fix segmentation faults caused by auto_reconnect
> libdbd-pg-perl               Correctly handle high-bit characters
> libfinance-quote-perl        Fix ordering of fields in Yahoo data
> linux-2.6                    Several corrections
> linux-kernel-di-alpha-2.6    Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-amd64-2.6    Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-arm-2.6      Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-armel-2.6    Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-hppa-2.6     Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-i386-2.6     Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-ia64-2.6     Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-mips-2.6     Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-mipsel-2.6   Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-powerpc-2.6  Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-s390-2.6     Rebuild against linux-2.6 2.6.26-21
> linux-kernel-di-sparc-2.6    Rebuild against linux-2.6 2.6.26-21
> lkl                          Rebuild to get new MD5 sum (previous sum was causing FPs from antivirus)
> movabletype-opensource       Disable mt-wizard.cgi by default
> munin                        Fix CPU usage graphs to account for changes in kernel reporting
> mysql-dfsg-5.0               Revert "dummy thread" workaround which causes segfaults and fix crash when using GIS functions
> nss-ldapd                    Treat usernames and other lookups as case-sensitive
> openttd                      Fix remote crash vulnerability
> otrs2                        Don't globally limit MaxRequestsPerChild on Apache or reject valid domains
> partman-auto-crypto          Avoid triggering unsafe swap warning when setting up LVM
> planet-venus                 Enhance escaping of processed feeds
> proftpd-dfsg                 SSL certificate verification weakness
> pyenchant                    Make add_to_personal() work again
> python-docutils              Fix insecure temporary file usage in reStructuredText Emacs mode
> python-xml                   Fix two denials of service
> qcontrol                     Create persistent input device to handle changes in udev 0.125-7+lenny3
> redhat-cluster               Fix problem with resource failover
> request-tracker3.6           Session hijack vulnerability
> roundup                      Fix pagination regression caused by security fix
> samba                        Fix regression in name mangling
> serveez                      Fix remote buffer overflow
> shadow                       Fix handling of long lines in the user or group files
> spamassassin                 Don't consider dates in 2010 "grossly in the future"
> system-tools-backends        Fix regression in operation of some elements
> texlive-bin                  Fix crash with large files
> tor                          Fix crash due to race condition and update authority keys
> totem                        Update youtube plugin to match changes to the site
> tzdata                       Update timezone data
> usbutils                     Update USB IDs
> user-mode-linux              Rebuild against linux-source-2.6.26 2.6.26-21
> vpb-driver                   Fix Asterisk crash with missing config file
> watchdog                     Ensure daemon really has ended before starting a new one
> webauth                      Avoid inadvertently including passwords in cookie test URLs
> wireshark                    Several vulnerabilities
> xfs                          Fix temporary directory usage in the init script
> xscreensaver                 Fix local screen lock bypass vulnerability
>
> A number of packages were rebuilt on the alpha, amd64 and ia64
> architectures to incorporate the fix from the updated ghc6 package:
>
> alex                arch2darcs
> bnfc                c2hs
> dfsbuild            drift
> cpphs               darcs
> darcs-buildpackage  darcs-monitor
> datapacker          frown
> geordi              haddock
> happy               haskell-utils
> hat                 helium
> hmake               hpodder
> hscolour            lhs2tex
> kaya                pxsl-tools
> srcinst             uuagc
> whitespace          xmonad
>
>
> Debian Installer
> ----------------
>
> The Debian Installer has been updated in this point release to offer
> better support for installation of the "oldstable" distribution and from
> archive.debian.org. The new installer also allows the system date to be
> updated using NTP if it is before January 1st, 1970 at boot time.
>
> The kernel image used by the installer has been updated to incorporate a
> number of important and security-related fixes together with support for
> additional hardware.
>
> An update to the udev package in the previous point release
> unfortunately led to the LEDs and on-board buzzer of arm/armel-based
> QNAP NAS devices not operating during installs. This is rectified in
> the new installer release.
>
> Finally, it is once again possible to use the installer on the S/390
> architecture by booting from CD.
>
>
> Security Updates
> ----------------
>
> This revision adds the following security updates to the stable release.
> The Security Team has already released an advisory for each of these updates:
>
> Advisory ID  Package               Correction(s)
>
> DSA 1796     libwmf                Denial of service
> DSA 1825     nagios3               Arbitrary code execution
> DSA 1835     tiff                  Several vulnerabilities
> DSA 1836     fckeditor             Arbitrary code execution
> DSA 1837     dbus                  Denial of service
> DSA 1839     gst-plugins-good0.10  Arbitrary code execution
> DSA 1849     xml-security-c        Signature forgery
> DSA 1850     libmodplug            Arbitrary code execution
> DSA 1860     ruby1.9               Several issues
> DSA 1863     zope2.10              Arbitrary code execution
> DSA 1866     kdegraphics           Several vulnerabilities
> DSA 1868     kde4libs              Several vulnerabilities
> DSA 1878     devscripts            Remote code execution
> DSA 1879     silc-client           Arbitrary code execution
> DSA 1879     silc-toolkit          Arbitrary code execution
> DSA 1880     openoffice.org        Arbitrary code execution
> DSA 1882     xapian-omega          Cross-site scripting
> DSA 1884     nginx                 Arbitrary code execution
> DSA 1885     xulrunner             Several vulnerabilities
> DSA 1886     iceweasel             Several vulnerabilities
> DSA 1887     rails                 Cross-site scripting
> DSA 1888     openssl               Deprecate MD2 hash signatures
> DSA 1889     icu                   Security bypass due to multibyte sequence parsing
> DSA 1890     wxwidgets2.6          Arbitrary code execution
> DSA 1890     wxwidgets2.8          Arbitrary code execution
> DSA 1891     changetrack           Arbitrary code execution
> DSA 1892     dovecot               Arbitrary code execution
> DSA 1893     cyrus-imapd-2.2       Arbitrary code execution
> DSA 1893     kolab-cyrus-imapd     Arbitrary code execution
> DSA 1894     newt                  Arbitrary code execution
> DSA 1895     opensaml2             Interpretation conflict
> DSA 1895     shibboleth-sp2        Interpretation conflict
> DSA 1895     xmltooling            Potential code execution
> DSA 1896     opensaml              Potential code execution
> DSA 1896     shibboleth-sp         Potential code execution
> DSA 1897     horde3                Arbitrary code execution
> DSA 1898     openswan              Denial of service
> DSA 1899     strongswan            Denial of service
> DSA 1900     postgresql-8.3        Various problems
> DSA 1903     graphicsmagick        Several vulnerabilities
> DSA 1904     wget                  SSL certificate verification weakness
> DSA 1905     python-django         Denial of service
> DSA 1907     kvm                   Several vulnerabilities
> DSA 1908     samba                 Several vulnerabilities
> DSA 1909     postgresql-ocaml      Missing escape function
> DSA 1910     mysql-ocaml           Missing escape function
> DSA 1911     pygresql              Missing escape function
> DSA 1912     advi                  Arbitrary code execution
> DSA 1912     camlimages            Arbitrary code execution
> DSA 1913     bugzilla              SQL injection
> DSA 1914     mapserver             Several vulnerabilities
> DSA 1915     linux-2.6             Several vulnerabilities
> DSA 1915     user-mode-linux       Several vulnerabilities
> DSA 1916     kdelibs               SSL certificate verification weakness
> DSA 1917     mimetex               Several vulnerabilities
> DSA 1918     phpmyadmin            Several vulnerabilities
> DSA 1919     smarty                Several vulnerabilities
> DSA 1920     nginx                 Denial of service
> DSA 1921     expat                 Denial of service
> DSA 1922     xulrunner             Several vulnerabilities
> DSA 1923     libhtml-parser-perl   Denial of service
> DSA 1924     mahara                Several vulnerabilities
> DSA 1925     proftpd-dfsg          SSL certificate verification weakness
> DSA 1926     typo3-src             Several vulnerabilities
> DSA 1930     drupal6               Several vulnerabilities
> DSA 1931     nspr                  Several vulnerabilities
> DSA 1932     pidgin                Arbitrary code execution
> DSA 1933     cups                  Cross-site scripting
> DSA 1934     apache2               Several issues
> DSA 1934     apache2-mpm-itk       Several issues
> DSA 1935     gnutls26              SSL certificate NUL byte vulnerability
> DSA 1936     libgd2                Several vulnerabilities
> DSA 1937     gforge                Cross-site scripting
> DSA 1938     php-mail              Insufficient input sanitising
> DSA 1939     libvorbis             Several vulnerabilities
> DSA 1940     php5                  Multiple issues
> DSA 1941     poppler               Several vulnerabilities
> DSA 1942     wireshark             Several vulnerabilities
> DSA 1944     request-tracker3.6    Session hijack vulnerability
> DSA 1945     gforge                Denial of service
> DSA 1947     opensaml2             Cross-site scripting
> DSA 1947     shibboleth-sp         Cross-site scripting
> DSA 1947     shibboleth-sp2        Cross-site scripting
> DSA 1948     ntp                   Denial of service
> DSA 1949     php-net-ping          Arbitrary code execution
> DSA 1950     webkit                Several vulnerabilities
> DSA 1951     firefox-sage          Insufficient input sanitizing
> DSA 1952     asterisk              Several vulnerabilities
> DSA 1953     expat                 Denial of service
> DSA 1954     cacti                 Insufficient input sanitising
> DSA 1956     xulrunner             Several vulnerabilities
> DSA 1957     aria2                 Arbitrary code execution
> DSA 1958     libtool               Privilege escalation
> DSA 1959     ganeti                Arbitrary command execution
> DSA 1960     acpid                 Weak file permissions
> DSA 1961     bind9                 Cache poisoning
> DSA 1962     kvm                   Several vulnerabilities
> DSA 1963     unbound               DNSSEC validation
> DSA 1964     postgresql-8.3        Several vulnerabilities
> DSA 1965     phpldapadmin          Remote file inclusion
> DSA 1966     horde3                Cross-site scripting
> DSA 1967     transmission          Directory traversal
> DSA 1968     pdns-recursor         Potential code execution
> DSA 1969     krb5                  Denial of service
> DSA 1970     openssl               Denial of service
> DSA 1971     libthai               Arbitrary code execution
> DSA 1972     audiofile             Buffer overflow
> DSA 1974     gzip                  Arbitrary code execution
> DSA 1976     dokuwiki              Several vulnerabilities
> DSA 1978     phpgroupware          Several vulnerabilities
> DSA 1979     lintian               Multiple vulnerabilities
> DSA 1980     ircd-hybrid           Arbitrary code execution
>
>
> Removed packages
> ----------------
>
> The following packages were removed due to circumstances beyond our
> control:
>
> Package            Reason
>
> destar             Security issues; unmaintained; abandoned upstream
> electricsheep      No longer functional
> gnudip             Security issues; unmaintained; abandoned upstream
> kcheckgmail        No longer functional
> libgnucrypto-java  Security issues; obsolete
>
> Additionally those parts of the libwww-search-perl and
> libperl4caml-ocaml-dev packages which rely on the Google SOAP search
> API (provided by libnet-google-perl) are no longer functional as the
> API has been retired by Google. The remaining portions of the
> packages will continue to function as before.
>
>
> URLs
> ----
>
> The complete lists of packages that have changed with this revision:
>
> <http://ftp.debian.org/debian/dists/lenny/ChangeLog>
>
> The current stable distribution:
>
> <http://ftp.debian.org/debian/dists/stable>
>
> Proposed updates to the stable distribution:
>
> <http://ftp.debian.org/debian/dists/proposed-updates>
>
> stable distribution information (release notes, errata etc.):
>
> <http://www.debian.org/releases/stable/>
>
> Security announcements and information:
>
> <http://www.debian.org/security/>
>
>
> About Debian
> ------------
>
> The Debian Project is an association of Free Software developers who
> volunteer their time and effort in order to produce the completely free
> operating system Debian GNU/Linux.
>
>
> Contact Information
> -------------------
>
> For further information, please visit the Debian web pages at
> <http://www.debian.org/>, send mail to <press at debian.org>, or contact the
> stable release team at <debian-release at lists.debian.org>
>
>
> --
> To UNSUBSCRIBE, email to debian-announce-REQUEST at lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster at lists.debian.org
>
>
> ----- End forwarded message -----
>
> --
>
>
> Cheers,
>
> Thomas Krichel http://openlib.org/home/krichel
> http://authorclaim.org/profile/pkr1
> skype: thomaskrichel
>
> _______________________________________________
> RAS-run mailing list
> RAS-run at lists.openlib.org
> http://lists.openlib.org/cgi-bin/mailman/listinfo/ras-run
>