<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://blog.gmane.org/gmane.linux.debian.user.announce">
    <title>gmane.linux.debian.user.announce</title>
    <link>http://blog.gmane.org/gmane.linux.debian.user.announce</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/81"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/80"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/79"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/78"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/77"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/76"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/75"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/74"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/73"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/72"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/71"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/70"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/69"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/68"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/67"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/66"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/65"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/64"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/63"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.linux.debian.user.announce/62"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/81">
    <title>Updated Debian 6.0: 6.0.5 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/81</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.5 released                press&amp;lt; at &amp;gt;lists.debian.org
May 12th, 2012                  http://www.debian.org/News/2012/20120512
- ------------------------------------------------------------------------

The Debian project is pleased to announce the fifth update of its
stable distribution Debian 6.0 (codename `squeeze'). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

&amp;lt;http://www.debian.org/mirror/list&amp;gt;


Miscellaneous Bugfixes
======================

This stable update adds a few important corrections to the following
packages:

          Package                             Reason
acpid                       Really fix CVE-2011-1159
apr                         Fix apr_file_trunc() bug which could lead
                            to Subversion repository corruption in some
                            rare cases
at                          Create hardlink as privileged user for
                            compatibility with later kernels
base-files                  Update /etc/debian_version for the point
                            release
brltty                      Fix support for large esys/iris displays
clive                       Adapt for youtube.com changes
ecl                         Remove broken postrm script
eglibc                      Fix resolving issues with broken servers
                            returning NOTIMP or FORMERR to AAAA
                            queries; fix integer overflow in timezone
                            code; local/manpages/gai.conf.5: update
                            from latest RedHat version
evolution-data-server       Make e_book_get_changes() actually return
                            changes
fail2ban                    Lock server's executeCmd to prevent racing
                            among iptables calls; fix insecure creation
                            of tempfiles
foomatic-filters            Fix insecure temporary file use in renderer
                            command line
giplet                      Use checkip.dyndns.org instead of the no
                            longer suitable www.whatismyip.org
gnusound                    Fix format string security issue
gosa                        Fix DHCP host removal and user generator
                            Unicode character transliteration
highlight                   Remove broken postrm
json-glib                   Fix serialization of doubles
kdeutils                    Fix directory traversal in Ark
keepalived                  Set correct permissions on pid file
laptop-mode-tools           Add support for 3.x kernels
libcgicc                    Install pkg-config file to the correct
                            location
libxi                       Fix passive grabs; handle unknown device
                            classes; fill in mods/group-&amp;gt;effective in
                            XIQueryPointer
linux-2.6                   Add longterm releases 2.6.32.5[5-9]
linux-kernel-di-amd64-2.6   Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-armel-2.6   Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-i386-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-ia64-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-mips-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-mipsel-2.6  Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-s390-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-sparc-2.6   Rebuild against linux-2.6 2.6.32-45
netselect                   Robustness and documentation fixes; handle
                            mirror lists with embedded attributes
openssh                     Fix information disclosure regarding forced
                            commands via debug messages
openvpn                     Fix /sbin/route calls on kFreeBSD
php-memcache                Fix cache delete bug, when deleting objects
                            from memcached 1.4.4+
php-memcached               Fix double free in getServerByKey()
phppgadmin                  Fix XSS in function.php
policykit-1                 Fix race condition when reading from /proc
                            which allows local users to gain root
                            privileges by executing a setuid program
                            from pkexec
procps                      Support 3.X kernels
pyspf                       Correctly process CNAMEs in SPF records
python-defaults             Correctly remove /var/lib/python/
                            python2.6_already_installed
python-virtualenv           Fix insecure temp file handling
rott                        Fallback to downloading shareware data
                            files from pkg-games.alioth.debian.org
sks                         Use standards-compliant POSTs
sysvinit                    Enable use of either rpcbind or portmap for
                            NFS
texlive-base                Don't try to repair a missing
                            pdftexconfig.tex in preinst
tremulous                   Rate-limit getstatus and rcon
                            connectionless packets, to avoid their use
                            for traffic amplification; fix several
                            security bugs; disable auto-downloading
tzdata                      New upstream version
wicd                        Fix local privilege escalation,
                            CVE-2012-2095
xfce4-weather-plugin        Update service key to restore access to
                            server
yapra                       Add ruby1.8 build-dependency to fix broken
                            build in clean environment


Security Updates
================

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID        Package                  Correction(s)
 DSA-2321            moin          Cross-site scripting
 DSA-2352           puppet         Programming error
 DSA-2359          mojarra         EL injection
 DSA-2394          libxml2         Multiple issues
 DSA-2395         wireshark        Buffer underflow
 DSA-2396          qemu-kvm        Buffer underflow
 DSA-2397            icu           Buffer underflow
 DSA-2398            curl          Multiple issues
 DSA-2399            php5          Multiple issues
 DSA-2400         iceweasel        Multiple issues
 DSA-2401          tomcat6         Multiple issues
 DSA-2402           iceape         Multiple issues
 DSA-2403            php5          Code injection
 DSA-2404      xen-qemu-dm-4.0     Buffer overflow
 DSA-2405          apache2         Multiple issues
 DSA-2406          icedove         Multiple issues
 DSA-2407            cvs           Heap overflow
 DSA-2408            php5          Multiple issues
 DSA-2409         devscripts       Multiple issues
 DSA-2410           libpng         Integer overflow
 DSA-2411           mumble         Information disclosure
 DSA-2412         libvorbis        Buffer overflow
 DSA-2413         libarchive       Buffer overflows
 DSA-2414            fex           Insufficient input sanitization
 DSA-2415         libmodplug       Multiple issues
 DSA-2416          notmuch         Information disclosure
 DSA-2417          libxml2         Denial of service
 DSA-2418       postgresql-8.4     Multiple issues
 DSA-2419           puppet         Multiple issues
 DSA-2420         openjdk-6        Multiple issues
 DSA-2421           moodle         Multiple issues
 DSA-2422            file          Missing bounds check
 DSA-2423   movabletype-opensource Multiple issues
 DSA-2424      libxml-atom-perl    XML entity expansion
 DSA-2425            plib          Buffer overflow
 DSA-2426            gimp          Multiple issues
 DSA-2427        imagemagick       Multiple issues
 DSA-2428          freetype        Multiple issues
 DSA-2430         python-pam       Double free
 DSA-2431       libdbd-pg-perl     Format string vulnerabilities
 DSA-2432    libyaml-libyaml-perl  Format string vulnerability
 DSA-2433         iceweasel        Multiple issues
 DSA-2434           nginx          Sensitive information leak
 DSA-2435           gnash          Multiple issues
 DSA-2436    libapache2-mod-fcgid  Inactive resource limits
 DSA-2437          icedove         Multiple issues
 DSA-2438           raptor         Programming error
 DSA-2439           libpng         Buffer overflow
 DSA-2440         libtasn1-3       Integer overflow
 DSA-2441          gnutls26        Missing bounds check
 DSA-2442         openarena        UDP traffic amplification
 DSA-2443         linux-2.6        Multiple issues
 DSA-2443      user-mode-linux     Multiple issues
 DSA-2444       tryton-server      Privilege escalation
 DSA-2445         typo3-src        Multiple issues
 DSA-2446           libpng         Incorrect memory handling
 DSA-2447            tiff          Integer overflow
 DSA-2448          inspircd        Buffer overflow
 DSA-2449         sqlalchemy       Missing input sanitization
 DSA-2450           samba          Privilege escalation
 DSA-2451           puppet         Multiple issues
 DSA-2452          apache2         Insecure default configuration
 DSA-2453           gajim          Multiple issues
 DSA-2454          openssl         Multiple issues
 DSA-2455         typo3-src        Cross site scripting
 DSA-2456          dropbear        Use after free
 DSA-2457         iceweasel        Multiple issues
 DSA-2458           iceape         Multiple issues
 DSA-2459           quagga         Multiple issues
 DSA-2460          asterisk        Multiple issues
 DSA-2461            spip          Multiple issues
 DSA-2462        imagemagick       Multiple issues
 DSA-2463           samba          Missing permission checks
 DSA-2464          icedove         Multiple issues


Debian Installer
================

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.


URLs
====

The complete lists of packages that have changed with this revision:

&amp;lt;http://ftp.debian.org/debian/dists/squeeze/ChangeLog&amp;gt;

The current stable distribution:

&amp;lt;http://ftp.debian.org/debian/dists/stable/&amp;gt;

Proposed updates to the stable distribution:

&amp;lt;http://ftp.debian.org/debian/dists/proposed-updates&amp;gt;

Stable distribution information (release notes, errata etc.):

&amp;lt;http://www.debian.org/releases/stable/&amp;gt;

Security announcements and information:

&amp;lt;http://security.debian.org/&amp;gt;


About Debian
============

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
===================

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact the
stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;.




&lt;/pre&gt;</description>
    <dc:creator>David Prévot</dc:creator>
    <dc:date>2012-05-12T15:31:26</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/80">
    <title>The Debian Project reelects Stefano Zacchiroli as Project Leader</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/80</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
press&amp;lt; at &amp;gt;debian.org
April 15th, 2012                http://www.debian.org/News/2012/20120415
------------------------------------------------------------------------

Debian Project reelects Stefano Zacchiroli as Project Leader

In accordance with its constitution [1], the Debian Project has just
reelected Stefano Zacchiroli for a third year as Debian Project Leader.
More than 80% of voters put him as their first choice (or equal first)
on their ballot papers. This is the first time in the history of the
project that a candidate wins in three consecutive years.

  1: http://www.debian.org/devel/constitution

Stefano's large majority over his opponents shows how satisfied the
Debian project is with his work so far, and its wish for him to
represent the project during one last term — Stefano has already
announced he won't be seeking reelection again next year. Wouter
Verhelst and Gergely Nagy also gained a lot of support from Debian
project members, both coming hundreds of votes ahead of the "None of
the above" ballot choice.


Stefano has been a Debian Developer since March 2001 and was a
long-term contributor to several core services such as Debian's Package
Tracking System and its Quality Assurance Team. He became Debian
Project Leader in 2010, then in 2011 was reelected unopposed. After it
was announced that he had won this year's election, Stefano said: "I'm
flattered by the trust that Debian members have put in me in the past,
and now renewed with this election. I've a lot of admiration for
democratic processes, and I couldn't be happier to have been chosen to
serve as DPL for another year. I suspect my agenda for the year will be
quite packed and, in parallel, I'll do my best to make myself
replaceable." 


Debian uses the Condorcet voting method for project leader elections.
The detailed election results can be found at the voting page [2].

  2: http://www.debian.org/vote/2012/vote_001

About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-04-15T17:41:57</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/79">
    <title>Updated Debian 5.0: 5.0.10 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/79</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 5.0: 5.0.10 released                     press&amp;lt; at &amp;gt;debian.org
March 10th, 2012                http://www.debian.org/News/2012/20120310
- ------------------------------------------------------------------------

  The Debian project is pleased to announce the tenth and final update
of its oldstable distribution Debian 5.0 (codename `lenny'). This update
mainly adds corrections for security problems to the oldstable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

  The alpha and ia64 packages from DSA 1769 are not included in this
point release for technical reasons. All other security updates
released during the lifetime of `lenny' that have not previously been
part of a point release are included in this update.

  Please note that the security support for the oldstable distribution
ended in February 2012 and no updates have been released since that
point.

&amp;lt;http://www.debian.org/News/2012/20120209&amp;gt;

  Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

  New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

  Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

&amp;lt;http://www.debian.org/mirror/list&amp;gt;

  Please note that the oldstable distribution will be moved from the
main archive to the archive.debian.org repository after March 24th 2012.
After this move, it will no longer be available from the main mirror
network. More information about the distribution archive and a list of
mirrors is available at:

&amp;lt;http://www.debian.org/distrib/archive&amp;gt;


Miscellaneous Bugfixes
======================

  This oldstable update adds a few important corrections to the
following packages:

    Package                             Reason

apr             Disable robust pthread mutexes on alpha, arm, and armel
base-files      Update /etc/debian_version for the point release
ia32-libs       Refresh packages to include recent security updates
libdigest-perl  Fix unsafe use of eval in Digest-&amp;gt;new()
linux-2.6       Various security fixes
phppgadmin      Fix XSS
postgresql-8.3  New upstream micro-release
typo3-src       Fix cache flooding via improper error handling
xapian-omega    Fix escaping issues in templates
xpdf            Insecure tempfile usage in zxpdf
user-mode-linux Rebuild against linux-source-2.6.26 (2.6.26-29)


Security Updates
================

  This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID       Package                   Correction(s)

 DSA-1769        openjdk-6        Arbitrary code execution
 DSA-2161        openjdk-6        Multiple issues
 DSA-2224        openjdk-6        Multiple issues
 DSA-2237           apr           Denial of service
 DSA-2251        subversion       Multiple issues
 DSA-2258    kolab-cyrus-imapd    Implementation error
 DSA-2263  movabletype-opensource Multiple issues
 DSA-2265           perl          Missing taint check
 DSA-2267           perl          Restriction bypass
 DSA-2271           curl          Improper delegation of client
                                  credentials
 DSA-2281           opie          Multiple issues
 DSA-2284        opensaml2        Implementation error
 DSA-2285        mapserver        Multiple issues
 DSA-2287          libpng         Multiple issues
 DSA-2301          rails          Multiple issues
 DSA-2305          vsftpd         Denial of service
 DSA-2313        xulrunner        Multiple issues
 DSA-2315      openoffice.org     Multiple issues
 DSA-2316          quagga         Multiple issues
 DSA-2318     cyrus-imapd-2.2     Multiple issues
 DSA-2320         dokuwiki        Regression fix
 DSA-2321           moin          Cross-site scripting
 DSA-2323          radvd          Multiple issues
 DSA-2324        wireshark        Programming error
 DSA-2328         freetype        Missing input sanitising
 DSA-2332      python-django      Multiple issues
 DSA-2333       phpldapadmin      Multiple issues
 DSA-2334          mahara         Multiple issues
 DSA-2335         man2html        Missing input sanitization
 DSA-2339           nss           Multiple issues
 DSA-2340      postgresql-8.3     Weak password hashing
 DSA-2341        xulrunner        Multiple issues
 DSA-2343         openssl         CA trust revocation
 DSA-2346       proftpd-dfsg      Multiple issues
 DSA-2347          bind9          Improper assert
 DSA-2350         freetype        Missing input sanitising
 DSA-2351        wireshark        Buffer overflow
 DSA-2352          puppet         Programming error
 DSA-2354           cups          Multiple issues
 DSA-2355       clearsilver       Format string vulnerability
 DSA-2357          evince         Multiple issues
 DSA-2358        openjdk-6        Multiple issues
 DSA-2361          chasen         Buffer overflow
 DSA-2362          acpid          Multiple issues
 DSA-2363           tor           Buffer overflow
 DSA-2365           dtc           Multiple issues
 DSA-2366        mediawiki        Multiple issues
 DSA-2367         asterisk        Multiple issues
 DSA-2368         lighttpd        Multiple issues
 DSA-2369        libsoup2.4       Directory traversal
 DSA-2370         unbound         Multiple issues
 DSA-2371          jasper         Buffer overflows
 DSA-2372         heimdal         Buffer overflow
 DSA-2373        inetutils        Buffer overflow
 DSA-2374         openswan        Implementation error
 DSA-2375           krb5          Buffer overflow
 DSA-2376         ipmitool        Insecure pid file
 DSA-2377     cyrus-imapd-2.2     Denial of service
 DSA-2380     foomatic-filters    Shell command injection
 DSA-2382      ecryptfs-utils     Multiple issues
 DSA-2383          super          Buffer overflow
 DSA-2384          cacti          Multiple issues
 DSA-2385           pdns          Packet loop
 DSA-2386         openttd         Multiple issues
 DSA-2388          t1lib          Multiple issues
 DSA-2390         openssl         Multiple issues
 DSA-2392         openssl         Out-of-bounds read
 DSA-2394         libxml2         Multiple issues
 DSA-2397           icu           Buffer underflow
 DSA-2398           curl          Multiple issues
 DSA-2399           php5          Multiple issues
 DSA-2400        xulrunner        Multiple issues
 DSA-2403           php5          Code injection
 DSA-2405         apache2         Multiple issues
 DSA-2405     apache2-mpm-itk     Multiple issues


Debian Installer / kernel
=========================

  The kernel included in this point release has been updated to
incorporate fixes for a number of security issues. The installer has
been rebuilt to use the new kernel.


Removed packages
================

  The following packages were removed due to circumstances beyond our
control:

 Package        Reason
qcad       Non-distributable
partlibary Non-distributable


URLs
====

  The complete lists of packages that have changed with this revision:

&amp;lt;http://ftp.debian.org/debian/dists/lenny/ChangeLog&amp;gt;

  The current oldstable distribution:

&amp;lt;http://ftp.debian.org/debian/dists/oldstable/&amp;gt;

  Proposed updates to the oldstable distribution:

&amp;lt;http://ftp.debian.org/debian/dists/oldstable-proposed-updates&amp;gt;

  Oldstable distribution information (release notes, errata etc.):

&amp;lt;http://www.debian.org/releases/oldstable/&amp;gt;

  Security announcements and information:

&amp;lt;http://security.debian.org/&amp;gt;


About Debian
============

  The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
===================

  For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact the
stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>David Prévot</dc:creator>
    <dc:date>2012-03-10T19:10:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/78">
    <title>Make DebConf12 a success: donate or become a sponsor</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/78</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Make DebConf12 a success: donate or become a sponsor    press&amp;lt; at &amp;gt;debian.org
                                http://www.debian.org/News/2012/20120304
------------------------------------------------------------------------
March 3rd, 2012

The Debian Project's annual conference is slowly coming closer.
Visiting places around the world since 2000, DebConf will take place
this year in Managua, Nicaragua, in July and will again provide an
opportunity for people who contribute to Debian to meet in person for
face-to-face collaboration and discussions. 

At DebConf we try to bring together as many Debian contributors as
possible, including those who could not afford to attend from their own
resources. You can help make DebConf12 a success by your organisation
becoming a sponsor, or by donating money as an individual.

[1] Individual donations can be made online in either US dollars or euros.

1: http://debconf12.debconf.org/payments.xhtml

If you are interested in becoming a sponsor, you can find more
information on the [2] DebConf12 sponsor page or directly contact
&amp;lt;sponsors&amp;lt; at &amp;gt;debconf.org&amp;gt;.

2: http://debconf12.debconf.org/become-sponsor.xhtml

In addition to monetary donations, sponsorship can be provided in the
form of in-kind donations, or by lending equipment for the conference
period.

About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

About DebConf
-------------
DebConf is the Debian Project's developer conference. In addition to a
full schedule of technical, social and policy talks, DebConf provides
an opportunity for developers, contributors and other interested people
to meet in person and work together more closely. It has taken place
annually since 2000 in locations as varied as Scotland, Argentina, and
Bosnia and Herzegovina. More information about DebConf is available
from http://debconf.org/.

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-03-04T20:16:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/77">
    <title>Debian Position on Software Patents</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/77</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian Position on Software Patents               press&amp;lt; at &amp;gt;lists.debian.org
February 19th, 2012             http://www.debian.org/News/2012/20120219
------------------------------------------------------------------------

Debian Position on Software Patents 

The Debian Project announces the availability of its [1] patent policy 
for the Debian archive.

1: http://www.debian.org/legal/patent

The Debian Project maintains a critical stance towards software
patents: we consider software patents to be a threat to Free Software
and an obstacle to the Debian mission of providing an entirely Free
operating system for everyone's use. We believe software patents
provide no advantage in promoting software innovation and we encourage
our upstream authors to object to software patents.

At the same time, given the de facto possibility of patenting
software-related ideas in several countries around the world, it is
important to neither underestimate nor overestimate software patent
issues. We are particularly concerned about patent FUD and we have
worked to improve clarity on the subject.

After the publication of the [2] Community Distribution Patent Policy 
FAQ, the availability of a patent policy for the Debian archive is 
our next step in coping with the software patent system that we hope 
to see abolished. We thank lawyers at the [3] Software Freedom Law 
Center for working with us on this policy.

2: http://www.debian.org/reports/patent-faq
3: http://www.softwarefreedom.org/

"Patent Aggression is widespread throughout the information technology
industry at present", said Eben Moglen, founding director of the
Software Freedom Law Center. "Parties have spent billions of dollars
trying to use patent monopolies to halt innovation and threaten
innovators. With the adoption of this patent policy Debian prepares to
defend its developers and users more effectively, forcefully, and
knowledgeably." 

Debian Project Leader Stefano Zacchiroli said "The Debian Project has
a long tradition of standing up for users' rights to an entirely Free
operating system. Patent fears, uncertainties and doubts undermine
this. A patent policy and a contact point for related issues in the
Debian archive will help reducing patent FUD among our users." 

About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Stefano Zacchiroli</dc:creator>
    <dc:date>2012-02-19T18:18:39</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/76">
    <title>New machine for Debian archive main mirror</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/76</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
New machine for Debian archive main mirror        press&amp;lt; at &amp;gt;lists.debian.org
February 18th, 2012             http://www.debian.org/News/2012/20120218
------------------------------------------------------------------------

New machine for Debian archive main mirror

The Debian Project is pleased to announce that the hardware behind
"ftp.debian.org" has recently been replaced, with the help of Studenten
Net Twente (SNT) and HP. The new machine is an 8-core Intel Xeon
machine with 48 GB of memory and a total of 6 TB (on RAID 10) of local
storage. The new server is generously hosted by Studenten Net Twente at
the University of Twente, which was already hosting the old
"ftp.debian.org" machine.


"The amount of new architectures added to Debian recently and the fact
that we now also provide support for non-Linux operating system kernels
caused us to run short on disk space on the old machine. This new
machine should give us enough space for a few years" said Martin
Zobel-Helas, a member of the Debian System Administrator team. "Hosting
Debian hardware at University of Twente has a long tradition for the
Debian Project.", Martin added.


"At SNT, our slogan is "making the net work!" and that's exactly what
we're doing by providing Debian with extra hosting and bandwidth in the
Netherlands. SNT has been using Debian since 1996 for all of its
network managing servers and other services and therefore we kindly
host kassia, the Dutch FTP archive (ftp.nl.debian.org) and now this new
server klecker" says Tjerk Jan from SNT.

About Studenten Net Twente
--------------------------

Studenten Net Twente was created in 1994 to handle network facilities
provided by ICTS (the IT service of the University of Twente) including
ADSL, campusnet, WLAN, VPN and dialup connections to the university.
Thanks to the expertise of the students manning the helpdesk they
manage to offer support to all network-related problems of students at
the University of Twente. SNT maintains an FTP mirror for major free
and open source projects such as Firefox and Debian, and an IRC server.
It also offers colocation and web hosting to student associations and
other organisations on campus. All these services are maintained by a
group of volunteers who use this experience to broaden their knowledge.

About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-02-18T21:39:57</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/75">
    <title>Upcoming Debian Bug Squashing Parties</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/75</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Upcoming Debian Bug Squashing Parties             press&amp;lt; at &amp;gt;lists.debian.org
February 15th, 2012             http://www.debian.org/News/2012/20120215
------------------------------------------------------------------------

Upcoming Debian Bug Squashing Parties 

The Debian Project is pleased to announce that in the next few months
Bug Squashing Parties ([1] "BSP"s) will take place in several countries.
The main focus of a Bug Squashing Party is to triage and fix bugs, but
it is also an opportunity for users less familiar with the BTS to make
other contributions to the Debian project, such as translating package
descriptions or improving the wiki. Debian developers will be present
to help contributors understand how the project works and to help get
fixes into Debian.

1: http://wiki.debian.org/BSP

During the coming weekend, 17-19 February, a BSP will be held at the
[2] IRILL offices in Paris, France. This event will also be an opportunity
for potential contributors to meet Debian Developers or Maintainers.
Numerous regular contributors will attend this BSP and can help
newcomers to fix their first bugs. For organizational reasons,
registering on the [3] Debian wiki is mandatory.

2: http://www.irill.org/
3: http://wiki.debian.org/BSP/2012/02/fr/Paris

On 2-4 March, a BSP will be held in Cambridge, UK: people interested in
attending it are invited to add their names to its [4] wiki page.

4: http://wiki.debian.org/BSP/2012/03/gb/Cambridge

During the same weekend, 2-4 March, a BSP will also be held at [5] Credativ
offices in Mönchengladbach, Germany: more information is available on
the [6] Debian wiki.

5: http://www.credativ.de/
6: http://wiki.debian.org/BSP2012/Moenchengladbach

The following weekend another BSP will take place, on 10-11 March:
[7] Perth Linux Users Group is organizing a Debian Bug Squashing Party at
the [8] University Computer Club in Perth, Western Australia. For more
information, visit its [9] wiki page.

7: http://www.plug.org.au/
8: http://www.ucc.asn.au/
9: http://wiki.debian.org/BSP/2012/03/au/Perth

Over 11-13 May, another Debian BSP will be held in the UK, at York. For
this BSP, however, there is an upper limit of ten to twelve attendees,
for logistical reasons. For more information visit the [10] wiki page.

10: http://wiki.debian.org/BSP/2012/05/en/York

If you want to organize a BSP, you can find all the necessary
information on this [11] wiki page. The Debian Project invites all users 
and contributors to attend these events and make "Wheezy" ready for
release sooner!

11: http://wiki.debian.org/HostingBSP

About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-02-15T23:43:54</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/74">
    <title>"Wheezy" artwork contest: call for proposals</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/74</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
"Wheezy" artwork contest: call for proposals      press&amp;lt; at &amp;gt;lists.debian.org
February 13th, 2012             http://www.debian.org/News/2012/20120213
------------------------------------------------------------------------ 

"Wheezy" artwork contest: call for proposals

An important part of any operating system is its look and feel. Debian
is no exception. If you've ever wanted to influence the look and feel
of an operating system, now is your chance. The Debian Project is
calling for contributors to design graphics for the next release of the
Universal Operating System, called "Wheezy".


If you would like to get involved, visit the [1] wiki page to get started.
You'll see what the requirements are for submitting artwork, as well as
a form to submit your own work to Debian. You can send questions to the
[2] debian-desktop mailing list if you have any.

   1: http://wiki.debian.org/DebianDesktop/Artwork/Wheezy
   2: http://lists.debian.org/debian-desktop

Thanks very much and everyone looks forward to seeing your work!

About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-02-13T23:24:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/73">
    <title>Security Support for Debian GNU/Linux 5.0 terminated on February 6th</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/73</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Security Support for Debian 5.0 terminated        press&amp;lt; at &amp;gt;lists.debian.org
                                http://www.debian.org/News/2012/20120209
------------------------------------------------------------------------
February 9th, 2012

Security Support for Debian GNU/Linux 5.0 terminated on February 6th
--------------------------------------------------------------------
One year after the release of Debian GNU/Linux 6.0 alias "Squeeze" and
nearly three years after the release of Debian GNU/Linux 5.0 alias
"Lenny" the security support for the old distribution (5.0 alias
"Lenny") came to an end a few days ago. The Debian project is proud to
have been able to support its old distribution for such a long time and
even for one year after a new version has been released.

The Debian project released Debian GNU/Linux 6.0 alias "Squeeze" on
the 6th of February 2011. Users and distributors have been given a
one-year timeframe to upgrade their old installations to the current
stable release. Hence, the security support for the old release of 5.0
ended on the 6th of February 2012 as previously announced.

Previously announced security updates for the old release will continue
to be available on security.debian.org.

Security Updates
----------------
The Debian Security Team provides security updates for the current
distribution via &amp;lt;http://security.debian.org/&amp;gt;. Security updates for
the old distribution are also provided for one year after the new
distribution has been released or until the current distribution is
superseded, whichever happens first.

Upgrading to Debian 6.0 alias "Squeeze" 
-------------------------------------- 
Upgrades to Debian GNU/Linux 6.0 from the previous release, Debian
GNU/Linux 5.0 alias "Lenny", are automatically handled by the
aptitude package management tool for most configurations, and to a
certain degree also by the apt-get package management tool. As always,
Debian GNU/Linux systems can be upgraded painlessly, in place, without
any forced downtime, but it is strongly recommended to read the release
notes for possible issues, and for detailed instructions on installing
and upgrading.

About Debian
------------
Debian GNU/Linux is a free operating system, developed by more than
a thousand volunteers from all over the world who collaborate via the
Internet. Debian's dedication to Free Software, its non-profit nature,
and its open development model make it unique among GNU/Linux
distributions.

The Debian project's key strengths are its volunteer base, its
dedication to the Debian Social Contract, and its commitment to provide
the best operating system possible. Debian 6.0 is another important
step in that direction.

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-02-09T19:38:24</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/72">
    <title>Updated Debian 6.0: 6.0.4 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/72</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.4 released                press&amp;lt; at &amp;gt;lists.debian.org
January 28th, 2012              http://www.debian.org/News/2012/20120128
------------------------------------------------------------------------
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 6.0 (codename "squeeze"). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments to serious problems. Security advisories
were already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


  http://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:


Package                         Reason

adolc                           Remove Visual C++ runtime from windows/ directory
backuppc                        Fix data corruption in tarballs due to logging to stdout and two XSS issues
base-files                      Update /etc/debian_version for the point release
base-installer                  Add POWER7 to the powerpc64 family
bti                             Fix identi.ca OAuth URLs
bugzilla                        Security fixes
byobu                           Correct postinst chmod semantics
bzip2                           Fix CVE-2011-4089
c-ares                          Fix encoded length for indirect root
cherokee                        Avoid brute-forceable password in cherokee-admin
cifs-utils                      Fix mtab corruption issues
clamav                          New upstream version; fix potential DoS
clamz                           Handle unencrypted amz files
cpufrequtils                    Load powernow-k8 for AMD family 20 (i.e. AMD E-350 cpus); better support 3.0 kernels
debian-installer                Stop menu falling off the screen
debian-installer-netboot-images Update to d-i 20110106+squeeze4
dpkg                            Add armhf to {os,triplet}table; defer hardlink renames; do not fail to unpack shared directories missing on the file system from packages being replaced by other packages
eglibc                          New upstream stable release plus fixes from stable branch
erlang                          Fix CVE-2011-0766 (cryptographic weakness) in the erlang ssh application
etherape                        Null pointer dereferences
gimp                            Fix printing when used with libcairo version 1.10 or above
gnutls26                        Fix buffer overflow in gnutls_session_get_data()
hplip                           Fix insecure use of temporary file
ia32-libs                       Update packages
ia32-libs-gtk                   Update packages
ifupdown-extra                  Handle moved location of ethtool; fix handling of "rejects" in static-route; use --tmpdir for temporary files; move /etc/network/network-routes to /e/n/routes; documentation updates
iotop                           Give a helpful error instead of crashing when Linux denies permission to read the taskstats files
jabberbot                       Bind callbacks after the roster has been initialised
kernel-wedge                    Add et131x to nic-extra-modules; add isci to scsi-extra-modules; add xhci-hcd to usb-modules
killer                          Use DNS for mail domain rather than NIS; stop cron job failing when package is removed
ldap2zone                       Don't send mail on success; syslog instead
libdata-formvalidator-perl      Fix possible passing of invalid data in untaint mode
libdebian-installer             Detect IBM pSeries platform as powerpc/chrp_ibm
libdigest-perl                  Fix unsafe use of eval in Digest-&amp;gt;new()
libhtml-template-pro-perl       Fix XSS
libjifty-dbi-perl               SQL injection
libmtp                          Add support for Motorola Xoom devices
libpar-packer-perl              Fix use of unsafe and predictable temporary directories
libpar-perl                     Fix use of unsafe and predictable temporary directories
linux-2.6                       Fixes for xen regression, GRO/GSO IPv6 forwarding, ppc vserver; add stable releases 2.6.32.47-54, various fixes; fix tg3 regression; xen fixes
linux-kernel-di-amd64-2.6       Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-armel-2.6       Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-i386-2.6        Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-ia64-2.6        Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-mips-2.6        Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-mipsel-2.6      Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-powerpc-2.6     Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-s390-2.6        Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-sparc-2.6       Rebuild against linux-2.6 kernel 2.6.32-41
masqmail                        Fix improper seteuid() calls
mdadm                           Quieten some cron messages; don't break when no scheduling class is specified or no devices are active; LSB header updates
mediawiki                       Fix unintended exposure of hidden content through cache pollution; disable CVE-2011-4360.patch; doesn't apply to this version and causes errors
module-init-tools               Support 3.0 kernels
multipath-tools                 Change HP hardware handler to hp_sw; update man pages
mutt                            Fix validation of commonname (gnutls)
nfs-utils                       Allow negotiated enctypes to be limited; avoid corrupting mtab
nginx                           Fix compression pointer processing in DNS response greater than 255 bytes
nss-pam-ldapd                   Correctly parse /etc/nsswitch.conf, detect calling process identity and fix disconnect logic
partman-target                  Stop treating ISO hybrid images on USB sticks as real optical drives
pastebinit                      Fix support for user configuration files
pbuilder                        Rename the /run script from --execute to /runscript, for compatibility with wheezy and later which have /run as a directory replacing /var/run
perl                            Unregister signal handler before destroying my_perl; fixes segfault; minor security fixes
phppgadmin                      Fix XSS
pidgin                          Fix remote crash issues
postgresql-8.4                  New upstream micro-release
pure-ftpd                       Fix man in the middle attack on encrypted sessions
python-debian                   Allow ":" as the first character of a value
python3-defaults                Ignore binary files while checking shebangs
qemu-kvm                        Fix NIC hotplug from libvirt
quassel                         Fix missing translations
recoll                          Plug conversion descriptor leak in unac.c::convert() error path
rng-tools                       Work around VIA Nano xstore bug; add 3.0 kernel support
rpm                             Fix malformed header parsing
samba                           Allow using unencrypted passwords with Windows clients with KB2536276 installed
shorewall                       Install missing /usr/share/shorewall/helpers
shorewall-lite                  Install missing /usr/share/shorewall/helpers
shorewall6                      Install missing /usr/share/shorewall/helpers
shorewall6-lite                 Install missing /usr/share/shorewall/helpers
slbackup                        Fix path to configuration file in the cron job
slbackup-php                    Fix login issues, deal with blanks in filenames, fix last failed timestamp
tinyproxy                       Validate port number specified in configuration
tzdata                          New upstream version; add DST for America/Bahia
user-mode-linux                 Rebuild against linux-source-2.6.32 (2.6.32-41)
webkit                          Avoid doing lots of needless NULL DNS lookups
whatsnewfm                      Handle renaming of freshmeat to freshcode
xorg-server                     GLX: add missing input sanitization; fix a file disclosure vulnerability and a file permission change vulnerability
xpdf                            Fix insecure temporary file usage

Security Updates
----------------
This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:


Advisory ID  Package                 Correction(s)

DSA-2181     subversion              Denial of service
DSA-2251     subversion              Multiple issues
DSA-2283     krb5-appl               Programming error
DSA-2284     opensaml2               Implementation error
DSA-2301     rails                   Multiple issues
DSA-2311     openjdk-6               Multiple issues
DSA-2315     openoffice.org          Multiple issues
DSA-2318     cyrus-imapd-2.2         Multiple issues
DSA-2322     bugzilla                Multiple issues
DSA-2323     radvd                   Multiple issues
DSA-2324     wireshark               Programming error
DSA-2325     kfreebsd-8              Privilege escalation/denial of service
DSA-2326     pam                     Multiple issues
DSA-2327     libfcgi-perl            Authentication bypass
DSA-2328     freetype                Missing input sanitising
DSA-2329     torque                  Buffer overflow
DSA-2330     simplesamlphp           Multiple issues
DSA-2331     tor                     Multiple issues
DSA-2332     python-django           Multiple issues
DSA-2333     phpldapadmin            Multiple issues
DSA-2334     mahara                  Multiple issues
DSA-2335     man2html                Missing input sanitization
DSA-2337     xen                     Multiple issues
DSA-2338     moodle                  Multiple issues
DSA-2339     nss                     Multiple issues
DSA-2340     postgresql-8.4          Weak password hashing
DSA-2341     iceweasel               Multiple issues
DSA-2342     iceape                  Multiple issues
DSA-2343     openssl                 CA trust revocation
DSA-2344     python-django-piston    Deserialization vulnerability
DSA-2345     icedove                 Multiple issues
DSA-2346     proftpd-dfsg            Multiple issues
DSA-2347     bind9                   Improper assert
DSA-2348     systemtap               Multiple issues
DSA-2349     spip                    Multiple issues
DSA-2350     freetype                Missing input sanitising
DSA-2351     wireshark               Buffer overflow
DSA-2353     ldns                    Buffer overflow
DSA-2354     cups                    Multiple issues
DSA-2355     clearsilver             Format string vulnerability
DSA-2356     openjdk-6               Multiple issues
DSA-2357     evince                  Multiple issues
DSA-2361     chasen                  Buffer overflow
DSA-2362     acpid                   Multiple issues
DSA-2363     tor                     Buffer overflow
DSA-2364     xorg                    Incorrect permission check
DSA-2366     mediawiki               Multiple issues
DSA-2367     asterisk                Multiple issues
DSA-2368     lighttpd                Multiple issues
DSA-2369     libsoup2.4              Directory traversal
DSA-2370     unbound                 Multiple issues
DSA-2371     jasper                  Buffer overflows
DSA-2372     heimdal                 Buffer overflow
DSA-2373     inetutils               Buffer overflow
DSA-2374     openswan                Implementation error
DSA-2375     krb5-appl               Buffer overflow
DSA-2376     ipmitool                Insecure pid file
DSA-2377     cyrus-imapd-2.2         Denial of service
DSA-2378     ffmpeg                  Multiple issues
DSA-2379     krb5                    Multiple issues
DSA-2380     foomatic-filters        Shell command injection
DSA-2381     squid3                  Invalid memory deallocation
DSA-2382     ecryptfs-utils          Multiple issues
DSA-2383     super                   Buffer overflow
DSA-2384     cacti                   Multiple issues
DSA-2385     pdns                    Packet loop
DSA-2386     openttd                 Multiple issues
DSA-2387     simplesamlphp           Cross site scripting
DSA-2388     t1lib                   Multiple issues
DSA-2390     openssl                 Multiple issues
DSA-2391     phpmyadmin              Multiple issues
DSA-2392     openssl                 Out-of-bounds read
DSA-2393     bip                     Buffer overflow
Debian Installer
----------------
The installer has been updated with this point release to add support
for installing on POWER7 machines and to adjust the dimensions of the
initial boot menu to avoid issues with some screens.

The kernel used by the installer has been updated to include various
security fixes and to add support for Agere ET-1310-based network cards
(et131x driver), Intel C600-series SAS/SATA controllers (isci driver)
and USB 3.0 controllers (xhci driver).

Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:


Package                         Reason

partlibrary                     Non-distributable
cad                             Non-distributable

URLs
----
The complete lists of packages that have changed with this revision:


  http://ftp.debian.org/debian/dists/squeeze/ChangeLog

The current stable distribution:


  http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:


  http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):


  http://www.debian.org/releases/stable/

Security announcements and information:


  http://security.debian.org/

About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact the
stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Francesca Ciceri</dc:creator>
    <dc:date>2012-01-28T15:36:17</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/71">
    <title>Updated Debian 6.0: 6.0.3 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/71</link>
    <description>&lt;pre&gt;-------------------------------------------------------------------------
The Debian Project                                 http://www.debian.org/
Updated Debian 6.0: 6.0.3 released                       press&amp;lt; at &amp;gt;debian.org
October 8th, 2011                http://www.debian.org/News/2011/20111008
-------------------------------------------------------------------------
 
Updated Debian 6.0: 6.0.3 released

The Debian project is pleased to announce the third update of its stable
distribution Debian 6.0 (codename "Squeeze").  This update mainly adds
corrections for security problems to the stable release, along with a few
adjustments to serious problems.  Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included.  There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

  http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                         Reason

ace                             Rebuild to drop non-distributable files
akonadi                         Support the use of network-mounted $HOME
amispammer                      Update service used for discovering the local IP address
apache2                         Fix CVE-2011-3348: Possible denial of service in mod_proxy_ajp; various documentation and init script fixes
aptitude                        Fix symlink attack in hierarchy editor
arcboot                         Fix netinstall on IP22 / IP32
atop                            Insecure use of temporary files
base-files                      Update /etc/debian_version for the point release
brltty                          Fix parsing brltty= when not all parameters are provided; setup gconf even if no table was specified
clamav                          New upstream release; fix off-by-one and "opcode 20 not implemented" errors
clive                           Adapt for youtube.com changes
conky                           Fix file overwrite vulnerability
ctdb                            Fix path to ethtool and activation of httpd service
debian-installer-utils          Set SUDO_FORCE_REMOVE=yes to allow sudo-ldap to be installed from d-i
deja-dup                        Explicitly pass environment to subprocesses to ensure correct GPG operation on restores
dokuwiki                        RSS XSS security fix
dput                            Update backports configuration to use the new .d.o hosts
drupal6                         Security fix for XSS in color module
firmware-nonfree                Add VIA VT6656, Realtek RTL8105E-1 and RTL8168E-1/2/3 firmware
foo2zjs                         Fix insecure use of temporary file
freebsd-libs                    Move libsbuf.so.0 and libipx.so.2 to /lib
freebsd-utils                   Provide config files and init.d script for devd; enable ieee80211 (wireless) in ifconfig
gajim                           Fix high CPU load on connection
gdebi                           Try to determine correct localized value for "Y"
gdm3                            Only show shutdown options when requested; fix double free; only set WINDOWPATH if not NULL; remove beep in PAM dialog patch
git                             Fix off-by-one parsing commit subjects; prevent deadlock when shallow-cloning; documentation updates
grub-installer                  Allow use of grub-legacy to be pre-seeded (if appropriate)
grub2                           Handle Xen split-partition disk image devices; ensure uniqueness of RAID array numbers; fix grub-probe detection for ATA devices using "ata" driver on kFreeBSD 9
heimdal                         Allow DES to be used with NFS
httpcomponents-client           Fix bug causing Proxy-Authorization header to be passed to target hosts
ia32-libs                       Refresh packages from stable and security
ia32-libs-gtk                   Refresh packages from stable and security
ibid                            Fix various security issues; make the HTTP source work again
ipmitool                        Fix segfault
kde4libs                        Prevent marked text being cut when switching documents in kate
kernel-wedge                    Stop considering acpi.ko as part of the kernel for kFreeBSD
kfreebsd-8                      Fix net802.11 stack kernel memory disclosure (CVE-2011-2480); merge backported if_msk driver from 8-STABLE; re-enable building of some modules
kfreebsd-kernel-di-amd64        Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
kfreebsd-kernel-di-i386         Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
krb5                            Permit gss_set_allowable_enctypes to restrict acceptor enctypes, allowing newer clients to use a Squeeze NFS server without degrading security for non-NFS applications
kupfer                          Don't crash if Evolution address book not present
libpcap                         Fix corruption of snapshot length on live captures; fix device detection when bonding in use
lintian                         Fix information disclosure issues
linux-2.6                       Update to long-term release 2.6.32.46; backport network driver changes
linux-kernel-di-amd64-2.6       Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-armel-2.6       Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-i386-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-ia64-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-mips-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-mipsel-2.6      Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-powerpc-2.6     Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-s390-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-sparc-2.6       Rebuild against linux-2.6 2.6.32-38
mesa                            GLX: suppress BadRequest from DRI2Connect (expected for non-local clients)
mod-gnutls                      Fix segmentation faults
nagvis                          Install documentation; properly apply FollowSymlinks; only call ucf if available
nss-pam-ldapd                   Fix uninitialised memory while parsing the tls_ciphers; fix problem with partial attribute name matches in DN; make all string buffers able to represent 64-bit numbers; treat the "hard" value for tls_reqcert as if it was "demand"
openarena                       Fix arbitrary code execution by malicious bytecode
opencv                          Fix install path of opencv-doc; optimise i386 package for i486
openssh                         Quieten logs when multiple from= restrictions are used in different authorized_keys lines for the same key
openssl                         Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
pianobar                        Support XMLRPC API version 31
pmake                           Fix symlink attack via temporary files
postgresql-8.4                  Fix regression due to "fix plpgsql's issues with dropped columns in rowtypes in 8.4 branch"
python-recaptcha                Update URLs for web service move to google.com
quassel                         Fix DoS via CTCP
red5                            Add missing dependency on glassfish-javaee
sbcl                            Fix reference to undefined asdf::split in the asdf-install module
shelldap                        Exit with a nicer error message if IO::Socket::SSL isn't installed, but SSL/TLS was requested
system-tools-backends           Properly handle config file rename
tesseract                       Fix file overwrite vulnerability by disabling xterm-based debug windows
typo3-src                       Fix cache flooding via improper error handling
tzdata                          New upstream version
update-inetd                    Fix breakage with non-default inetd packages
usbutils                        Update USB ID list; build-depend on libusb2-dev on kFreeBSD
user-mode-linux                 Rebuild against linux-2.6 2.6.32-37
v86d                            Fix CVE-2011-1070: failure to validate netlink message sender; do not include random kernel headers in CFLAGS
vftool                          Fix a buffer overflow in linetoken() in parseAFM.c
vte                             Fix DoS
widelands                       Fix network play on official maps (regression introduced by previous update)
win32-loader                    Add Built-Using header; allow suite-specific versions; document versions of embedded software
xapian-omega                    Fix escaping issues in templates
zfsutils                        Update LSB init headers to ensure clean startup/shutdown; add bash-completion script

Note that the krb5 change mentioned above requires a further update to
the "nfs-common" package before it will be effective.  It is hoped that
this update will be included in the next point release.

During the final stages of the point release, it was noticed that the
"quassel" package no longer included any translation files.  It is hoped
that an update restoring the translations will be available soon via
"squeeze-updates" and included in the next point release.


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID  Package             Correction(s)

DSA-2188 webkit                  Multiple issues
DSA-2210 tiff                    Multiple issues
DSA-2228 iceweasel               Multiple issues
DSA-2248 ejabberd                Denial of service
DSA-2252 dovecot                 Programming error
DSA-2254 oprofile                Command injection
DSA-2256 tiff                    Buffer overflow
DSA-2258 kolab-cyrus-imapd       Implementation error
DSA-2266 php5                    Multiple issues
DSA-2267 perl                    Restriction bypass
DSA-2268 iceweasel               Multiple issues
DSA-2269 iceape                  Multiple issues
DSA-2270 qemu-kvm                Programming error
DSA-2271 curl                    Improper delegation of client credentials
DSA-2272 bind9                   Denial of service
DSA-2273 icedove                 Multiple issues
DSA-2274 wireshark               Multiple issues
DSA-2276 asterisk                Multiple issues
DSA-2277 xml-security-c          Buffer overflow
DSA-2279 libapache2-mod-authnz-external SQL injection
DSA-2280 libvirt                 Multiple issues
DSA-2281 opie                    Multiple issues
DSA-2282 qemu-kvm                Multiple issues
DSA-2285 mapserver               Multiple issues
DSA-2287 libpng                  Multiple issues
DSA-2288 libsndfile              Integer overflow
DSA-2289 typo3-src               Multiple issues
DSA-2291 squirrelmail            Multiple issues
DSA-2292 isc-dhcp                Denial of service
DSA-2293 libxfont                Buffer overflow
DSA-2294 freetype                Missing input sanitization
DSA-2295 iceape                  Multiple issues
DSA-2296 iceweasel               Multiple issues
DSA-2297 icedove                 Multiple issues
DSA-2298 apache2                 Denial of service
DSA-2299 ca-certificates         Blacklist "DigiNotar Root CA"
DSA-2300 nss                     Compromised certificate authority
DSA-2301 rails                   Multiple issues
DSA-2302 bcfg2                   Arbitrary code execution
DSA-2303 user-mode-linux         Multiple issues
DSA-2303 linux-2.6               Multiple issues
DSA-2304 squid3                  Buffer overflow
DSA-2305 vsftpd                  Denial of service
DSA-2306 ffmpeg                  Multiple issues
DSA-2307 chromium-browser        Multiple issues
DSA-2308 mantis                  Multiple issues
DSA-2309 openssl                 Compromised certificate authority
DSA-2312 iceape                  Multiple issues
DSA-2313 iceweasel               Multiple issues
DSA-2314 puppet                  Multiple issues
DSA-2316 quagga                  Multiple issues
DSA-2317 icedove                 Multiple issues


Debian Installer
----------------

The Debian Installer has been updated in this point release to 
correct the following issues (among others):

 * fix netinstall on IP22 / IP32 (mips)
 * allow use of grub-legacy to be pre-seeded (if appropriate)

The kernel image used by the installer has been updated to incorporate a
number of important and security-related fixes together with updates to
the e1000e, igb, igbvf, r8169, tg3, and broadcom network drivers to add
support for additional hardware.

The GNU/kFreeBSD installer also incorporates an updated kernel image
including an updated if_msk Gigabit Ethernet driver.


URLs
----

The complete lists of packages that have changed with this
revision:

  http://ftp.debian.org/debian/dists/squeeze/ChangeLog

The current stable distribution:

  http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

  http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

  http://www.debian.org/releases/stable/

Security announcements and information:

  http://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact the
stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Alexander Reichle-Schmehl</dc:creator>
    <dc:date>2011-10-09T08:28:17</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/70">
    <title>Updated Debian 5.0: 5.0.9 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/70</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 5.0: 5.0.9 released                      press&amp;lt; at &amp;gt;debian.org
October 1st, 2011               http://www.debian.org/News/2011/20111001
------------------------------------------------------------------------

Updated Debian 5.0: 5.0.9 released

The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian GNU/Linux 5.0 (codename "lenny"). This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments to serious problems. Security
advisories were already published separately and are referenced where
available.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included. There is
no need to throw away 5.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page)
to one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

    &amp;lt;http://www.debian.org/mirror/list&amp;gt;


Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

Package          Reason

aptitude         Fix symlink attack in hierarchy editor
atop             Insecure use of temporary files
base-files       Update /etc/debian_version for the point release
conky            Fix file overwrite vulnerability
dokuwiki         RSS XSS security fix
klibc            Escape ipconfig's DHCP options
linux-2.6        Several security updates and select fixes from upstream 2.6.27.58/9
magpierss        Fix cross-site scripting vulnerability (CVE-2011-0740)
mediawiki        Protect against CSS injection vulnerability
openldap         Security fixes
openssl          Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
pmake            Fix symlink attack via temporary files
sun-java6        New upstream security update
tesseract        Disable xterm-based debug windows to avoid file overwrite vulnerability
tzdata           New upstream version
user-mode-linux  Rebuild against linux-2.6 2.6.26-27
v86d             Fix CVE-2011-1070: failure to validate netlink message sender;
                 do not include random kernel headers in CFLAGS
vftool           Fix a buffer overflow in linetoken() in parseAFM.c
xorg-server      GLX: don't crash in SwapBuffers if we don't have a context

Due to the timing of this point release relative to the next update for
the stable release (Debian 6.0 "squeeze"), the versions of atop and
tzdata included in this point release are higher than the corresponding
packages currently in stable. The next stable point release is planned
for one week's time, after which the package versions in stable will
once again be higher, as expected.

We do not expect that this situation will cause any issues with upgrades
from oldstable to the stable release during this short period of time,
but please report any such issues which do arise. (See the "Contact
Information" section below).


Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  Package                      Correction(s)

DSA-2043     vlc                          Arbitrary code execution
DSA-2149     dbus                         Denial of service
DSA-2150     request-tracker3.6           Salt password hashing
DSA-2151     openoffice.org               Multiple issues
DSA-2152     hplip                        Buffer overflow
DSA-2153     linux-2.6                    Multiple issues
DSA-2153     user-mode-linux              Multiple issues
DSA-2154     exim4                        Privilege escalation
DSA-2155     freetype                     Multiple issues
DSA-2156     pcsc-lite                    Buffer overflow
DSA-2157     postgresql-8.3               Buffer overflow
DSA-2158     cgiirc                       Cross-site scripting flaw
DSA-2165     ffmpeg-debian                Buffer overflow
DSA-2167     phpmyadmin                   SQL injection
DSA-2168     openafs                      Multiple issues
DSA-2169     telepathy-gabble             Missing input validation
DSA-2170     mailman                      Multiple issues
DSA-2171     asterisk                     Buffer overflow
DSA-2172     moodle                       Multiple issues
DSA-2173     pam-pgsql                    Buffer overflow
DSA-2174     avahi                        Denial of service
DSA-2175     samba                        Missing input sanitising
DSA-2176     cups                         Multiple issues
DSA-2179     dtc                          SQL injection
DSA-2181     subversion                   Denial of service
DSA-2182     logwatch                     Remote code execution
DSA-2183     nbd                          Arbitrary code execution
DSA-2186     xulrunner                    Multiple issues
DSA-2191     proftpd-dfsg                 Multiple issues
DSA-2195     php5                         Multiple issues
DSA-2196     maradns                      Buffer overflow
DSA-2197     quagga                       Denial of service
DSA-2200     nss                          Compromised certificate authority
DSA-2200     xulrunner                    Update HTTPS certificate blacklist
DSA-2201     wireshark                    Multiple issues
DSA-2203     nss                          Update HTTPS certificate blacklist
DSA-2204     imp4                         Insufficient input sanitising
DSA-2206     mahara                       Multiple issues
DSA-2207     tomcat5.5                    Multiple issues
DSA-2208     bind9                        Issue with processing of new DNSSEC DS records
DSA-2210     tiff                         Multiple issues
DSA-2211     vlc                          Missing input sanitising
DSA-2213     x11-xserver-utils            Missing input sanitizing
DSA-2214     ikiwiki                      Missing input validation
DSA-2217     dhcp3                        Missing input sanitizing
DSA-2219     xmlsec1                      File overwrite
DSA-2220     request-tracker3.6           Multiple issues
DSA-2225     asterisk                     Multiple issues
DSA-2226     libmodplug                   Buffer overflow
DSA-2228     xulrunner                    Multiple issues
DSA-2233     postfix                      Multiple issues
DSA-2234     zodb                         Multiple issues
DSA-2242     cyrus-imapd-2.2              Implementation error
DSA-2243     unbound                      Design flaw
DSA-2244     bind9                        Wrong boundary condition
DSA-2246     mahara                       Multiple issues
DSA-2247     rails                        Multiple issues
DSA-2248     ejabberd                     Denial of service
DSA-2250     citadel                      Denial of service
DSA-2253     fontforge                    Buffer overflow
DSA-2254     oprofile                     Command injection
DSA-2255     libxml2                      Buffer overflow
DSA-2260     rails                        Multiple issues
DSA-2264     linux-2.6                    Multiple issues
DSA-2264     user-mode-linux              Multiple issues
DSA-2266     php5                         Multiple issues
DSA-2268     xulrunner                    Multiple issues
DSA-2272     bind9                        Denial of service
DSA-2274     wireshark                    Multiple issues
DSA-2276     asterisk                     Multiple issues
DSA-2277     xml-security-c               Buffer overflow
DSA-2278     horde3                       Multiple issues
DSA-2280     libvirt                      Multiple issues
DSA-2286     phpmyadmin                   Multiple issues
DSA-2288     libsndfile                   Integer overflow
DSA-2289     typo3-src                    Multiple issues
DSA-2290     samba                        Cross-site scripting
DSA-2291     squirrelmail                 Multiple issues
DSA-2292     dhcp3                        Denial of service
DSA-2293     libxfont                     Buffer overflow
DSA-2294     freetype                     Missing input sanitization
DSA-2296     xulrunner                    Multiple issues
DSA-2298     apache2                      Denial of service
DSA-2298     apache2-mpm-itk              Denial of service
DSA-2300     nss                          Compromised certificate authority
DSA-2301     rails                        Multiple issues
DSA-2302     bcfg2                        Arbitrary code execution
DSA-2304     squid3                       Buffer overflow
DSA-2308     mantis                       Multiple issues
DSA-2309     openssl                      Compromised certificate authority
DSA-2310     linux-2.6                    Multiple issues


Debian Installer
----------------

The Debian Installer has been updated to incorporate a new kernel
containing a number of important and security-related fixes.


Removed package
---------------

The following package was removed due to circumstances beyond our control:

Package            Reason

pixelpost          Unmaintained, multiple security issues


URLs
----

The complete lists of packages that have changed with this revision:

  &amp;lt;http://ftp.debian.org/debian/dists/squeeze/ChangeLog&amp;gt;

The current stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/stable&amp;gt;

Proposed updates to the stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/proposed-updates&amp;gt;

Stable distribution information (release notes, errata etc.):

  &amp;lt;http://www.debian.org/releases/stable/&amp;gt;

Security announcements and information:

  &amp;lt;http://www.debian.org/security/&amp;gt;


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
&amp;lt;http://www.debian.org/&amp;gt;, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact
the stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;


&lt;/pre&gt;</description>
    <dc:creator>Joey Schulze</dc:creator>
    <dc:date>2011-10-01T18:18:47</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/69">
    <title>Community Distribution Patent Policy FAQ now available</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/69</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Community Distribution Patent Policy FAQ available      press&amp;lt; at &amp;gt;debian.org
July 9th, 2011                  http://www.debian.org/News/2011/20110709
------------------------------------------------------------------------

Community Distribution Patent Policy FAQ now available

The Debian Project is pleased to announce the availability of the
Community Distribution Patent Policy FAQ [1], a document meant to
educate Free Software developers, and especially distribution editors,
about software patent risks.

  1: http://www.debian.org/reports/patent-faq

The FAQ has been prepared by lawyers at Software Freedom Law Center [2]
(SFLC) at the request of and with input from the Debian Project. While
the document does not constitute legal advice, it provides insights on
dealing with software patents, which might be applicable to other
community-driven Free Software distributions.

  2: http://www.softwarefreedom.org

The Debian Project maintains a critical stance towards software patents:
we consider software patents a threat to Free Software and we believe
they provide no advantages in promoting software innovation.

At the same time, given the 'de facto' possibility of patenting software
related ideas in several countries around the world, it is important for
Free Software developers and distributors to neither underestimate nor
overestimate software patent issues. "Patent FUD is a serious problem,
as is the risk of patent aggression against Free Software," said Eben
Moglen, founding director of the Software Freedom Law Center. "SFLC is
pleased to work with Debian to help volunteers for community
distributions everywhere understand the real risks, and real solutions,
without being disheartened by fear, uncertainty, and doubt."

We believe that the Community Distribution Patent Policy FAQ helps in
that respect and we are glad to make it available to others. "Debian, as
many other community distributions, has often had troubles in assessing
the risks of patent aggression toward volunteer developers. I'm glad and
thrilled about the opportunity we have of collaborating with SFLC to
shed some light on these matters." said Stefano Zacchiroli, Debian
Project Leader. "We will do our best to disseminate our findings, in a
humble attempt to minimize the damages that software patents, and some
of their myths, cause every day to Free Software."


About Debian
------------
The Debian Project was founded in 1993 by Ian Murdock to be a truly free
community project. Since then the project has grown to be one of the
largest and most influential open source projects.  Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Stefano Zacchiroli</dc:creator>
    <dc:date>2011-07-09T07:15:42</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/68">
    <title>Updated Debian 6.0: 6.0.2 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/68</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.2 released                      press&amp;lt; at &amp;gt;debian.org
June 25th, 2011                 http://www.debian.org/News/2011/20110625
------------------------------------------------------------------------

Updated Debian 6.0: 6.0.1 released

The Debian project is pleased to announce the first update of its stable
distribution Debian 6.0 (codename "Squeeze").  This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included.  There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

    http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                      Reason

aide                         Properly support large files on 32-bit systems; fix group for bind9 log files
approx                       Don't try caching InRelease or non-.gz compressed files
apr                          Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-*
apt                          Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on "apt-get update"; add XZ support
apt-listchanges              Correctly handle NEWS files containing only one entry
base-files                   Update /etc/debian_version
clive                        Adapt for liveleak.com changes
dbus                         Fix local DoS for system services (CVE-2011-2200)
deborphan                    Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes
dokuwiki                     Fix an ACL bypass issue in the XMLRPC interface
dpkg                         Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration
e2fsprogs                    Various bug fixes
fakechroot                   Fix 'debootstrap --variant=fakechroot'
fcgiwrap                     Fix init script's 'stop' target
gdm3                         Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down
git                          Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user
gnome-settings-daemon        Work around possible race condition when starting Xsettings manager
ia32-libs                    Refresh packages from stable and proposed-updates.
iceowl                       Security updates
im-config                    Avoid breaking login via GDM if im-config is removed but not purged
inn                          Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default
josm                         Give more verbose explanation to users who haven't agreed to the new OSM license
kde4libs                     Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes
kdenetwork                   Improve fix for CVE-2010-1000 directory traversal issue
kernel-wedge                 Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules
kerneltop                    Increase line buffer size to 1024 bytes
klibc                        ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930)
krb5                         Fix several security and interoperability problems
kupfer                       Use correct parameter type to allow keybindings to work again
libapache2-mod-perl2         Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
libburn                      Don't create images with overly-restrictive permissions
libfinance-quotehist-perl    Disable test suite, broken by website changes
libmms                       Fix alignment issues on arm
linux-2.6                    New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables
linux-kernel-di-amd64-2.6    Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-armel-2.6    Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-i386-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-ia64-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-mips-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-mipsel-2.6   Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-powerpc-2.6  Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-s390-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-sparc-2.6    Rebuild against kernel-wedge 2.74+squeeze3
lua-expat                    Fix the 'billion laughs' DoS attack
monkeysphere                 Fix monkeysphere-host revoke-key
nagios-plugins               Allocate a big enough buffer to handle all IPs of hosts being pinged
nsd3                         Remove statoverride before removing the package's user
openldap                     Fix possible database corruption issues, several security issues and dpkg-reconfigure
php-svn                      Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
php5                         Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
pianobar                     Update API keys for XMLRPC v30
postgresql-8.4               New upstream bugfix release; fix pg_upgrade use with TOAST tables
prosody                      Fix the 'billion laughs' DoS attack
puppet                       Fix service provider to properly use update-rc.d disable API
python-apt                   Strip multiarch by default in RealParseDepends; add XZ support
python-gudev                 Add missing dependency on python-gobject
q4wine                       Stop shipping the library in lib64
qemu                         Don't register qemu-mips(el) with binfmt on mips(el)
qemu-kvm                     Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit
qt4-x11                      Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification
rapidsvn                     Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
refpolicy                    Various permissions fixes
reprepro                     Handle Release files which don't contain md5sums
ruby1.8                      Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8
samba                        Several bugfixes
schroot                      Fix loading of dchroot.conf
softhsm                      Remove statoverride entries before the package's user
sun-java6                    New upstream security update
tzdata                       New upstream version
vimperator                   Resolve compatibility issues with iceweasel
widelands                    Fix potential security issue in Internet games
xenomai                      Adapt kernel patch to apply cleanly to squeeze's kernel
xserver-xorg-video-tseng     Fix driver initialisation


Debian Installer
----------------

The kernel image used by the installer has been updated to incorporate a
number of important and security-related fixes together with support for
additional hardware.


Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  Package                   Correction(s)

DSA-2161     openjdk-6                 Denial of service
DSA-2193     libcgroup                 Several
DSA-2194     libvirt                   Privilege escalation
DSA-2195     php5                      Several
DSA-2197     quagga                    Denial of service
DSA-2198     tex-common                Insufficient input sanitizing
DSA-2199     iceape                    Update HTTPS certificate blacklist
DSA-2200     iceweasel                 Update HTTPS certificate blacklist
DSA-2201     wireshark                 Several
DSA-2202     apache2                   Failure to drop root privileges
DSA-2203     nss                       Update HTTPS certificate blacklist
DSA-2205     gdm3                      Privilege escalation
DSA-2206     mahara                    Several
DSA-2208     bind9                     Denial of service
DSA-2209     tgt                       Double free
DSA-2211     vlc                       Missing input sanitising
DSA-2212     tmux                      Privilege escalation
DSA-2213     x11-xserver-utils         Missing input sanitizing
DSA-2214     ikiwiki                   Missing input validation
DSA-2215     gitolite                  Directory traversal
DSA-2216     isc-dhcp                  Missing input sanitizing
DSA-2218     vlc                       Heap-based buffer overflow
DSA-2219     xmlsec1                   File overwrite
DSA-2220     request-tracker3.8        Several
DSA-2221     libmojolicious-perl       Directory traversal
DSA-2222     tinyproxy                 Incorrect ACL processing
DSA-2223     doctrine                  SQL injection
DSA-2224     openjdk-6                 Several
DSA-2225     asterisk                  Several
DSA-2226     libmodplug                Buffer overflow
DSA-2227     iceape                    Several
DSA-2229     spip                      Denial of service
DSA-2230     qemu-kvm                  Several
DSA-2231     otrs2                     Cross-site scripting
DSA-2232     exim4                     Format string vulnerability
DSA-2233     postfix                   Several
DSA-2235     icedove                   Several
DSA-2236     exim4                     Command injection
DSA-2237     apr                       Denial of service
DSA-2238     vino                      Denial of service
DSA-2239     libmojolicious-perl       Several
DSA-2240     user-mode-linux           Several issues
DSA-2240     linux-2.6                 Several issues
DSA-2241     qemu-kvm                  Implementation error
DSA-2242     cyrus-imapd-2.2           Implementation error
DSA-2244     bind9                     Wrong boundary condition
DSA-2245     chromium-browser          Several vulnerabilities
DSA-2246     mahara                    Several vulnerabilities
DSA-2247     rails                     Several vulnerabilities
DSA-2249     jabberd14                 Denial of service
DSA-2250     citadel                   Denial of service
DSA-2254     oprofile                  Command injection
DSA-2255     libxml2                   Buffer overflow
DSA-2257     vlc                       Buffer overflow
DSA-2259     fex                       Authentication bypass
DSA-2261     redmine                   Several
DSA-2262     moodle                    Several
DSA-2263     movabletype-opensource    Several
DSA-2265     perl                      Missing taint check


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package               Reason

ktsuss                security issues; unmaintained


URLs
----

The complete lists of packages that have changed with this revision:

  &amp;lt;http://ftp.debian.org/debian/dists/squeeze/ChangeLog&amp;gt;

The current stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/stable&amp;gt;

Proposed updates to the stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/proposed-updates&amp;gt;

Stable distribution information (release notes, errata etc.):

  &amp;lt;http://www.debian.org/releases/stable/&amp;gt;

Security announcements and information:

  &amp;lt;http://www.debian.org/security/&amp;gt;


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
&amp;lt;http://www.debian.org/&amp;gt;, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact
the stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;

&lt;/pre&gt;</description>
    <dc:creator>Joey Schulze</dc:creator>
    <dc:date>2011-06-25T16:02:44</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/67">
    <title>Updated Debian 6.0: 6.0.1 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/67</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.1 released                      press&amp;lt; at &amp;gt;debian.org
March 18th, 2011                http://www.debian.org/News/2011/20110319
------------------------------------------------------------------------

Updated Debian 6.0: 6.0.1 released

The Debian project is pleased to announce the first update of its
stable distribution Debian 6.0 (codename "Squeeze").  This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included.  There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

  http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

        Package                          Reason

        apt-dater                        Correct syntax of default configuration file
        base-files                       Update /etc/debian_version for the point release
        cdebconf                         Allow the GTK frontend to be used in a window managed environment
        clamav                           New upstream bugfix release
        clive                            Adapt for youtube.com changes
        cmake                            Rebuild upstream tarball to remove undistributable Windows build systems files
        console-setup                    Fix Swiss German, Bulgarian and Swedish keymaps in the installer
        cryptsetup                       Install cryptkeyctl initramfs hook; lukadmin: avoid possible race conditions by invoking udevadm settle
        dbconfig-common                  Fix version sorting logic bug on upgrade files in postinst
        debian-reference                 Refer to squeeze-updates rather than volatile; fix URL for Debian Mirror Checker
        debootstrap                      Fix --private-key and ar usage
        deluge                           Fix hang on quit
        desktop-base                     Fix plymouth output in dual-screen configurations
        devscripts                       Make squeeze the default backports target; add wheezy{,-ignore} tags
        eclipse                          Fix XSS in help browser application
        exuberant-ctags                  Use memmove rather than strcpy on overlapping strings
        ganeti                           Don't break permissions of /var/lock when running "gnt-node add"
        gdm3                             Handle del{group,user} failures gracefully; fix grep usage; use correct names for UTF-8 locales
        gedit                            Fix important mistake in the Brazilian Portuguese translation
        git                              Fix escaping in gitweb, new add.ignoreErrors variable
        gnome-screensaver                Disable non-functional libnotify support
        gnumed-client                    Install translations to the correct location
        grub-installer                   Set debconf title to avoid reusing a previous one
        ia32-libs                        Refresh packages from stable and proposed-updates
        ia32-libs-core                   Refresh packages from stable and proposed-updates
        ia32-libs-gtk                    Refresh packages from stable and proposed-updates
        installation-guide               Update content for squeeze
        katoob                           Fix crash when setting tooltips
        kde4libs                         Add a kconf_update script to migrate away from old KDE3 icon themes
        kdebase-workspace                Fix random but common krunner crashes
        kernel-wedge                     Add hid-cherry and sdhci_pci modules
        kfreebsd-8                       Fix local DoS in TCP stack; emulate Catalan's middle-dot l/L characters by ASCII l/L
        kgb-bot                          Fix version check to allow possible future security updates
        krusader                         Properly fix problems terminating the application
        libapache-mod-jk                 Ease upgrades from lenny by disabling SOCK_CLOEXEC use
        libemail-mime-createhtml-perl    Add missing dependency on libfile-policy-perl
        libvirt                          Make init script 'status' target exit statuses LSB-compliant to assist monitoring
        linux-2.6                        Several fixes
        linux-kernel-di-amd64-2.6        Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-armel-2.6        Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-i386-2.6         Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-ia64-2.6         Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-mips-2.6         Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-mipsel-2.6       Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-powerpc-2.6      Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-s390-2.6         Rebuild against linux-2.6 2.6.32-31
        linux-kernel-di-sparc-2.6        Rebuild against linux-2.6 2.6.32-31
        magpierss                        Fix cross-site scripting vulnerability (CVE-2011-0740)
        mcabber                          Fix crash, segfault, command-line corruption and FD leaks
        mediawiki                        Fix a CSS injection vulnerability
        mediawiki-extensions             PHP 5.3 compatibility fixes for the confirmedit plugin
        nautilus                         Fix crash in nautilus_file_peek_display_name()
        network-manager                  Only comment out exact matches in /etc/network/interfaces; normalise keys in ifupdown parser; correctly handle device remova
        ocrodjvu                         Fix upside-down generation of hocr data
        ocsigen                          Add missing dependencies on lib{lwt-ssl,ocsigen-xhtml}-ocaml-dev
        pdftk                            Support prompting for both owner and user passwords; allow filenames to start with "odd", "even" or "end"
        pulseaudio                       Fix pacmd hanging in poll() when reading from stdin very early
        python-defaults                  Use full path to Python interpreters in pycompile to ease lenny to squeeze upgrades
        samba                            Missing input sanitising
        sobby                            Ensure session files are writable by the sobby user
        sudo                             Resolve interoperability issues between -H and HOME in env_keep
        sun-java6                        Several security fixes
        ttf-liberation                   Correctly flag Liberation Mono as monospaced
        tzdata                           New upstream release; update Chilean DST
        usb-modeswitch-data              Fix modeswitching lines for Huawei devices; add support for more devices
        why                              Mark Squeeze's Coq version as a compatible prover
        xorg-server                      Fix crashes with MCE remotes; fix rotation [nvidia]; drop support for XF86Config-4
        xserver-xorg-video-intel         Fix null pointer dereference and SDL-related issues


Debian Installer
----------------

The Debian Installer has been updated in this point release to correct
the following issues (among others):

 * the activation of squeeze-updates on installations without a
   network mirror caused a failure to be shown,
 * the Swiss German, Bulgarian and Swedish keyboard layouts were
   unusable during installation and
 * wait longer for disks to initialize.

Furthermore it now supports installation on the following hardware:

 * QNAP TS-112, TS-212 and TS-412 (new)
 * QNAP TS-419P+ (new)
 * Buffalo Linkstation LiveV3 (new)
 * Buffalo Linkstation Mini (new)
 * iBook G4 (restored)
 * Cobalt (restored)
 * SPARC hardware (restored functionality using CD-ROM installation media and atyfb graphics cards)

The kernel image used by the installer has been updated to incorporate
a number of important and security-related fixes together with support
for additional hardware.


Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

       Advisory ID     Package                 Correction(s)

       DSA-2157        postgresql-8.4          Buffer overflow
       DSA-2158        cgiirc                  Cross-site scripting flaw
       DSA-2160        tomcat6                 Several issues
       DSA-2162        openssl                 Invalid memory access
       DSA-2163        python-django           Cross-site scripting and CSRF protection improvements
       DSA-2163        dajaxice                Compatibility fix for CSRF protection improvements
       DSA-2164        shadow                  Missing input sanitization
       DSA-2166        chromium-browser        Several vulnerabilities
       DSA-2167        phpmyadmin              SQL injection
       DSA-2168        openafs                 Several vulnerabilities
       DSA-2169        telepathy-gabble        Missing input validation
       DSA-2170        mailman                 Several vulnerabilities
       DSA-2171        asterisk                Buffer overflow
       DSA-2173        pam-pgsql               Buffer overflow
       DSA-2174        avahi                   Denial of service
       DSA-2175        samba                   Missing input sanitising
       DSA-2177        pywebdav                SQL injection
       DSA-2178        pango1.0                NULL pointer dereference
       DSA-2180        iceape                  Several vulnerabilities
       DSA-2182        logwatch                Remote code execution
       DSA-2184        isc-dhcp                Denial of service
       DSA-2185        proftpd-dfsg            Integer overflow
       DSA-2186        iceweasel               Several vulnerabilities
       DSA-2187        icedove                 Several vulnerabilities
       DSA-2189        chromium-browser        Several vulnerabilities
       DSA-2190        wordpress               Several vulnerabilities
       DSA-2192        chromium-browser        Several vulnerabilities


URLs
----

The complete lists of packages that have changed with this revision:

  &amp;lt;http://ftp.debian.org/debian/dists/squeeze/ChangeLog&amp;gt;

The current stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/stable&amp;gt;

Proposed updates to the stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/proposed-updates&amp;gt;

Stable distribution information (release notes, errata etc.):

  &amp;lt;http://www.debian.org/releases/stable/&amp;gt;

Security announcements and information:

  &amp;lt;http://www.debian.org/security/&amp;gt;


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
&amp;lt;http://www.debian.org/&amp;gt;, send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;, or contact
the stable release team at &amp;lt;debian-release&amp;lt; at &amp;gt;lists.debian.org&amp;gt;


&lt;/pre&gt;</description>
    <dc:creator>Alexander Reichle-Schmehl</dc:creator>
    <dc:date>2011-03-19T17:11:31</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/66">
    <title>Debian Archive Signing Key to be changed</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/66</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian Archive Signing Key to be changed                press&amp;lt; at &amp;gt;debian.org
February 9th, 2011              http://www.debian.org/News/2011/20110209
------------------------------------------------------------------------

Debian Archive Signing Key to be changed

The Debian Project wishes to announce the change of the GNU Privacy
Guard key used to digitally sign the archive reference files.
Signatures are used to ensure that packages installed by users are the
very same originally distributed by Debian and have not been exchanged
or tampered with.

Affected distributions are the Debian unstable branch (codenamed "Sid")
as well as the testing branch (codenamed "Wheezy"). The Debian Security
(security.debian.org) and Backports (backports.debian.org) archive also
start using the new key now.  The current stable version Debian
GNU/Linux 6.0 (codenamed "Squeeze") and the current oldstable version
Debian GNU/Linux 5.0 (codenamed "Lenny") will have their ftpmaster
signature updated with their next point release.

The new key has already been distributed via the debian-archive-keyring
[1] package and is included in all current releases of Debian.
  
  1: http://packages.debian.org/debian-archive-keyring

Starting with the next mirror update this evening only the new key will
be used.

For reference, the old key is:

  pub   4096R/55BE302B 2009-01-27 [expires: 2012-12-31]
        Key fingerprint = 150C 8614 919D 8446 E01E  83AF 9AA3 8DCD 55BE 302B
  uid                  Debian Archive Automatic Signing Key (5.0/lenny) &amp;lt;ftpmaster&amp;lt; at &amp;gt;debian.org&amp;gt;

and the new one:

  pub   4096R/473041FA 2010-08-27 [expires: 2018-03-05]
        Key fingerprint = 9FED 2BCB DCD2 9CDF 7626  78CB AED4 B06F 4730 41FA
  uid                  Debian Archive Automatic Signing Key (6.0/squeeze) &amp;lt;ftpmaster&amp;lt; at &amp;gt;debian.org&amp;gt;

This key rollover is a normal maintenance task and was started in
August 2010 [2].  For security reasons Debian's archive signing keys
regularly expire after three years.

  2: http://lists.debian.org/87d3t3as2k.fsf&amp;lt; at &amp;gt;gkar.ganneff.de


About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects.  Over a thousand
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating
system".


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press&amp;lt; at &amp;gt;debian.org&amp;gt;.
&lt;/pre&gt;</description>
    <dc:creator>Alexander Reichle-Schmehl</dc:creator>
    <dc:date>2011-02-09T21:02:10</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/65">
    <title>Debian 6.0 "Squeeze" released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/65</link>
    <description>&lt;pre&gt;-------------------------------------------------------------------------
The Debian Project                                 http://www.debian.org/
Debian 6.0 "Squeeze" released                            press&amp;lt; at &amp;gt;debian.org
February 5th, 2011              http://www.debian.org/News/2011/20110205a
-------------------------------------------------------------------------

Debian 6.0 "Squeeze" released

After 24 months of constant development, the Debian Project is proud to
present its new stable version 6.0 (code name "Squeeze"). Debian 6.0 is
a free operating system, coming for the first time in two flavours.
Alongside Debian GNU/Linux, Debian GNU/kFreeBSD is introduced with this
version as a "technology preview".

Debian 6.0 includes the KDE Plasma Desktop and Applications, the GNOME,
Xfce, and LXDE desktop environments as well as all kinds of server
applications.  It also features compatibility with the FHS v2.3 and
software developed for version 3.2 of the LSB.

Debian runs on computers ranging from palmtops and handheld systems to
supercomputers, and on nearly everything in between.  A total of nine
architectures are supported by Debian GNU/Linux: 32-bit PC / Intel
IA-32 (i386), 64-bit PC / Intel EM64T / x86-64 (amd64), Motorola/IBM
PowerPC (powerpc), Sun/Oracle SPARC (sparc), MIPS (mips (big-endian)
and mipsel (little-endian)), Intel Itanium (ia64), IBM S/390 (s390),
and ARM EABI (armel).

Debian 6.0 "Squeeze" introduces technical previews of two new ports to
the kernel of the FreeBSD project using the known Debian/GNU userland:
Debian GNU/kFreeBSD for the 32-bit PC (kfreebsd-i386) and the 64-bit PC
(kfreebsd-amd64). These ports are the first ones ever to be included in
a Debian release which are not based on the Linux kernel. The support
of common server software is strong and combines the existing features
of Linux-based Debian versions with the unique features known from the
BSD world. However, for this release these new ports are limited; for
example, some advanced desktop features are not yet supported.

Another first is the completely free Linux kernel, which no longer
contains problematic firmware files. These were split out into separate
packages and moved out of the Debian main archive into the non-free
area of our archive, which is not enabled by default. In this way
Debian users have the possibility of running a completely free
operating system, but may still choose to use non-free firmware files
if necessary. Firmware files needed during installation may be loaded
by the installation system; special CD images and tarballs for USB
based installations are available too.  More information about this may
be found in the Debian Firmware wiki page [1].

  1: http://wiki.debian.org/Firmware

Furthermore, Debian 6.0 introduces a dependency based boot system,
making system start-up faster and more robust due to parallel execution
of boot scripts and correct dependency tracking between them. Various
other changes make Debian more suitable for small form factor
notebooks, like the introduction of the KDE Plasma Netbook shell.

This release includes numerous updated software packages, such as:

 * KDE Plasma Workspaces and KDE Applications 4.4.5
 * an updated version of the GNOME desktop environment 2.30
 * the Xfce 4.6 desktop environment
 * LXDE 0.5.0
 * X.Org 7.5
 * OpenOffice.org 3.2.1
 * GIMP 2.6.11
 * Iceweasel 3.5.16 (an unbranded version of Mozilla Firefox)
 * Icedove 3.0.11 (an unbranded version of Mozilla Thunderbird)
 * PostgreSQL 8.4.6
 * MySQL 5.1.49
 * GNU Compiler Collection 4.4.5
 * Linux 2.6.32
 * Apache 2.2.16
 * Samba 3.5.6
 * Python 2.6.6, 2.5.5 and 3.1.3
 * Perl 5.10.1
 * PHP 5.3.3
 * Asterisk 1.6.2.9
 * Nagios 3.2.3
 * Xen Hypervisor 4.0.1 (dom0 as well as domU support)
 * OpenJDK 6b18
 * Tomcat 6.0.18
 * more than 29,000 other ready-to-use software packages, built from
   nearly 15,000 source packages.

Debian 6.0 includes over 10,000 new packages like the browser Chromium,
the monitoring solution Icinga, the package management frontend
Software Center, the network manager wicd, the Linux container tools
lxc and the cluster framework Corosync.

With this broad selection of packages, Debian once again stays true to
its goal of being the universal operating system. It is suitable for
many different use cases: from desktop systems to netbooks; from
development servers to cluster systems; and for database, web or
storage servers. At the same time, additional quality assurance efforts
like automatic installation and upgrade tests for all packages in
Debian's archive ensure that Debian 6.0 fulfils the high expectations
that users have of a stable Debian release. It is rock solid and
rigorously tested.


Starting from Debian 6.0, the "Custom Debian Distributions" are renamed
to "Debian Pure Blends" [2]. Their coverage has increased as Debian 6.0
adds Debian Accessibility [3], DebiChem [4], Debian EzGo [5], Debian
GIS [6] and Debian Multimedia [7] to the already existing Debian Edu
[8], Debian Med [9] and Debian Science [10] "pure blends". The full
content of all the blends can be browsed [11], including prospective
packages that users are welcome to nominate for addition to the next
release.

  2: http://blends.alioth.debian.org/
  3: http://www.debian.org/devel/debian-accessibility/
  4: http://debichem.alioth.debian.org/
  5: http://wiki.debian.org/DebianEzGo
  6: http://wiki.debian.org/DebianGis
  7: http://blends.alioth.debian.org/multimedia/tasks/index
  8: http://wiki.debian.org/DebianEdu
  9: http://www.debian.org/devel/debian-med/
 10: http://wiki.debian.org/DebianScience
 11: http://blends.alioth.debian.org/


Debian may be installed from various installation media such as Blu-ray
Discs, DVDs, CDs and USB sticks or from the network.  GNOME is the
default desktop environment and is contained on the first CD. Other
desktop environments &amp;mdash; KDE Plasma Desktop and Applications, Xfce,
or LXDE &amp;mdash; may be installed through two alternative CD images. The
desired desktop environment may also be chosen from the boot menus of
the CDs/DVDs.  Again available with Debian 6.0 are multi-architecture
CDs and DVDs which support installation of multiple architectures from
a single disc.  The creation of bootable USB installation media has
also been greatly simplified; see the Installation Guide [12] for more
details.

 12: http://www.debian.org/releases/squeeze/installmanual

In addition to the regular installation media, Debian GNU/Linux may
also be directly used without prior installation.  The special images
used, known as live images, are available for CDs, USB sticks and
netboot setups. Initially, these are provided for the amd64 and i386
architectures only. It is also possible to use these live images to
install Debian GNU/Linux.

The installation process for Debian GNU/Linux 6.0 has been improved in
various ways, including easier selection of language and keyboard
settings, and partitioning of logical volumes, RAID and encrypted
systems. Support has also been added for the ext4 and Btrfs filesystems
and &amp;mdash; on the kFreeBSD architecture &amp;mdash; the Zettabyte
filesystem (ZFS). The installation system for Debian GNU/Linux is now
available in 70 languages.

Debian installation images may be downloaded right now via BitTorrent
[13] (the recommended method), jigdo [14] or HTTP [15]; see Debian on
CDs [16] for further information.  It will soon be available on
physical DVD, CD-ROM and Blu-ray Discs from numerous vendors [17], too.

 13: http://www.debian.org/CD/torrent-cd/
 14: http://www.debian.org/CD/jigdo-cd/#which
 15: http://www.debian.org/CD/http-ftp/
 16: http://www.debian.org/CD/
 17: http://www.debian.org/CD//vendors

Upgrades to Debian GNU/Linux 6.0 from the previous release, Debian
GNU/Linux 5.0 (codenamed "Lenny"), are automatically handled by the
apt-get package management tool for most configurations, and to a
certain degree also by the aptitude package management tool.  As
always, Debian GNU/Linux systems may be upgraded painlessly, in place,
without any forced downtime, but it is strongly recommended to read the
release notes [18] as well as the installation guide [19] for possible
issues, and for detailed instructions on installing and upgrading.  The
release notes will be further improved and translated to additional
languages in the weeks after the release.

 18: http://www.debian.org/releases/squeeze/releasenotes
 19: http://www.debian.org/releases/squeeze/installmanual

About Debian
------------

Debian is a free operating system, developed by thousands of volunteers
from all over the world who collaborate via the Internet. The Debian
project's key strengths are its volunteer base, its dedication to the
Debian Social Contract and Free Software, and its commitment to provide
the best operating system possible. Debian 6.0 is another important
step in that direction.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org or send mail to &amp;lt;press@debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Meike Reichle</dc:creator>
    <dc:date>2011-02-06T01:20:39</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/64">
    <title>Updated Debian GNU/Linux: 5.0.8 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/64</link>
    <description>&lt;pre&gt;-------------------------------------------------------------------------
The Debian Project                                 http://www.debian.org/
Updated Debian GNU/Linux: 5.0.8 released                 press@debian.org
January 22nd, 2011               http://www.debian.org/News/2011/20110122
-------------------------------------------------------------------------

Updated Debian GNU/Linux: 5.0.8 released


The Debian project is pleased to announce the eighth update of its
stable distribution Debian GNU/Linux 5.0 (codename "lenny").  This
update mainly adds corrections for security problems to the stable
release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included.  There is
no need to throw away 5.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

     &amp;lt;http://www.debian.org/mirror/list&amp;gt;

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

    Package                          Reason

    awstats                          Fix directory traversal via crafted LoadPlugin directory
    base-files                       Update debian_version for the point release
    boxbackup                        Reduce root CA expiration date to avoid overflow in 2038
    git-core                         Fix cross-site scripting vulnerability
    gquilt                           Insecure setting of PYTHONPATH
    hamlib                           Use system libltdl rather than an internal copy vulnerable to CVE-2009-3736
    ia32-libs                        Refresh with new packages from lenny and lenny-security
    ia32-libs-gtk                    Refresh with new packages from lenny and lenny-security
    ldap-account-manager             Fix upgrades from lenny by dropping master password debconf question
    libcgi-pm-perl                   Fix header-parsing related security issues
    libcgi-simple-perl               Fix header-parsing related security issues
    libgadu                          Fix memory corruption when removing dcc7 sessions
    man-db                           Suppress locale warnings when being run from a dpkg maintainer script
    mediawiki                        Deny framing on most pages to minimise risk of clickjacking
    movabletype-opensource           Fix various XSS and SQL security issues
    mumble                           Don't make configuration file world-readable; delete /var/lib/mumble-server on purge
    opensc                           Protect against buffer overflow from rogue cards
    perl                             Fix header-parsing related security bugs; update to Safe-2.25
    postgresql-8.3                   New upstream bugfix release
    spamassassin                     Update list of ARIN netblock delegations to avoid false positives in RelayEval
    splashy                          Modify lsb-base-logging.sh to avoid issues if splashy is removed but not purged
    surfraw                          Update Debian security-tracker URL
    user-mode-linux                  Rebuild against linux-source-2.6.26 (2.6.26-26lenny1)
    xdigger                          Fix buffer overflow errors


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

    Advisory ID        Package                 Correction(s)

    DSA-2110           linux-2.6               Several issues
    DSA-2122           glibc                   Privilege escalation
    DSA-2126           linux-2.6               Several issues
    DSA-2127           wireshark               Denial of service
    DSA-2128           libxml2                 Potential code execution
    DSA-2129           krb5                    Checksum verification weakness
    DSA-2130           bind9                   Denial of service
    DSA-2131           exim4                   Remote code execution
    DSA-2132           xulrunner               Several vulnerabilities
    DSA-2133           collectd                Denial of service
    DSA-2135           xpdf                    Several vulnerabilities
    DSA-2136           tor                     Potential code execution
    DSA-2137           libxml2                 Several vulnerabilities
    DSA-2138           wordpress               SQL injection
    DSA-2139           phpmyadmin              Several
    DSA-2140           libapache2-mod-fcgid    Stack overflow
    DSA-2141           apache2                 Add backward compatibility options when used with new openssl
    DSA-2141           nss                     Protocol design flaw
    DSA-2141           apache2-mpm-itk         Rebuild with apache2-src 2.2.9-10+lenny9
    DSA-2141           openssl                 Protocol design flaw
    DSA-2141           lighttpd                Compatibility problem with updated openssl
    DSA-2142           dpkg                    Directory traversal
    DSA-2143           mysql-dfsg-5.0          Several vulnerabilities
    DSA-2144           wireshark               Buffer overflow
    DSA-2145           libsmi                  Buffer overflow
    DSA-2146           mydms                   Directory traversal problem
    DSA-2147           pimd                    Insecure temporary files
    DSA-2148           tor                     Several


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

    Package                   Reason

    pytris                    security issues; abandoned upstream
    python-gendoc             broken with python &amp;gt;= 2.5
    clive                     completely broken
    gmailfs                   broken due to gmail changes; abandoned upstream
    python-libgmail           broken due to gmail changes; abandoned upstream



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
&amp;lt;http://www.debian.org/&amp;gt;, send mail to &amp;lt;press@debian.org&amp;gt;, or contact
the stable release team at &amp;lt;debian-release@lists.debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Alexander Reichle-Schmehl</dc:creator>
    <dc:date>2011-01-22T15:39:13</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/63">
    <title>Updated Debian GNU/Linux: 5.0.7 released</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/63</link>
    <description>&lt;pre&gt;-------------------------------------------------------------------------
The Debian Project                                 http://www.debian.org/
Updated Debian GNU/Linux: 5.0.7 released                 press@debian.org
November 27th, 2010              http://www.debian.org/News/2010/20101127
-------------------------------------------------------------------------

Updated Debian GNU/Linux: 5.0.7 released

The Debian project is pleased to announce the seventh update of its
stable distribution Debian GNU/Linux 5.0 (codename "lenny").  This
update mainly adds corrections for security problems to the stable
release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included.  There is
no need to throw away 5.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

     &amp;lt;http://www.debian.org/mirror/list&amp;gt;

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

    Package                         Reason

    base-files                      Update /etc/debian_version
    bogofilter                      Fix possible heap corruption decoding base64
    dar                             Rebuild against libbz2-dev 1.0.5-1+lenny1 (DSA-2112-1/CVE-2010-0405)
    dpkg                            Don't lose metadata if readdir() returns newly added files
    imagemagick                     Don't read configuration files from the current directory
    kvm                             Fix segfault in MMIO subpage handling code
    lastfm                          Fix insecure setting of LD_LIBRARY_PATH
    libapache-authenhook-perl       Remove passwords from log messages
    libgdiplus                      Fix integer overflows in BMP, JPEG and TIFF handling
    libvirt                         Masquerade source ports for virtual network traffic (CVE-2010-2242)
    linux-2.6                       Several fixes
    mantis                          Fix cross-site scripting issues
    mt-daapd                        Handle aeMK tag, required for iTunes 10
    openscenegraph                  Fix DoS in embedded copy of lib3ds
    perdition                       Fix 64-bit issues; fix SSL re-negotiation; don't call make from postrm
    ser2net                         Fix NULL pointer dereference
    sun-java6                       Various security fixes
    tor                             Import new upstream version from volatile; add compatibility with openssl security update; add new directory authority
    ttf-beteckna                    Update hints file to match the shipped fonts
    ttf-okolaks                     Update hints file to match the shipped fonts
    tzdata                          Updated timezone data and translations
    user-mode-linux                 Rebuild against linux-2.6_2.6.26-26
    xen-tools                       Don't create world-readable disk images
    xorg-server                     Don't create log world-writable; (xfvb-run) don't pass magic xauth cookies on the command line

Please note that due to an issue with the preparation of the package,
the updated linux-2.6 packages included in this point release do not
incorporate the security fixes released in DSA 2110-1. DSA 2126-1,
which has just been released, includes the updates from both DSA 2110-1
and the linux-2.6 packages from this point release.


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

    Advisory ID        Package                 Correction(s)

    DSA-1943           openldap                SSL certificate NUL byte vulnerability
    DSA-1991           squid                   Denial of service
    DSA-2038           pidgin                  Re-enable SILC, SIMPLE and Yahoo! Messenger protocols
    DSA-2050           kdegraphics             Several vulnerabilities
    DSA-2077           openldap                Potential code execution
    DSA-2097           phpmyadmin              Several vulnerabilities
    DSA-2098           typo3-src               Regression
    DSA-2102           barnowl                 Arbitrary code execution
    DSA-2103           smbind                  SQL injection
    DSA-2104           quagga                  Denial of service
    DSA-2105           freetype                Several vulnerabilities
    DSA-2106           xulrunner               Several vulnerabilities
    DSA-2107           couchdb                 Arbitrary code execution
    DSA-2108           cvsnt                   Arbitrary code execution
    DSA-2109           samba                   Buffer overflow
    DSA-2110           user-mode-linux         Several issues
    DSA-2111           squid3                  Denial of service
    DSA-2112           dpkg                    Integer overflow
    DSA-2112           bzip2                   Integer overflow
    DSA-2113           drupal6                 Several vulnerabilities
    DSA-2114           git-core                Regression
    DSA-2115           moodle                  Several vulnerabilities
    DSA-2116           freetype                Integer overflow
    DSA-2117           apr-util                Denial of service
    DSA-2118           subversion              Authentication bypass
    DSA-2119           poppler                 Several vulnerabilities
    DSA-2120           postgresql-8.3          Privilege escalation
    DSA-2121           typo3-src               Several vulnerabilities
    DSA-2122           glibc                   Local privilege escalation
    DSA-2123           nss                     Cryptographic weaknesses
    DSA-2124           xulrunner               Several vulnerabilities
    DSA-2125           openssl                 Buffer overflow


Debian Installer
----------------

The Debian Installer has been updated to incorporate a new kernel
containing a number of important fixes.

Please note that due to an issue with the preparation of the package,
the updated kernel included in this release of the Installer does not
incorporate the security fixes released in DSA 2110-1.  DSA 2126-1,
which has just been released, includes the updates from both DSA 2110-1
and the linux-2.6 packages from this point release and will be included
in the installed system assuming that updates from the security
repositories are selected during installation.


URLs
----

The complete lists of packages that have changed with this revision:

  &amp;lt;http://ftp.debian.org/debian/dists/lenny/ChangeLog&amp;gt;

The current stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/stable&amp;gt;

Proposed updates to the stable distribution:

  &amp;lt;http://ftp.debian.org/debian/dists/proposed-updates&amp;gt;

Stable distribution information (release notes, errata etc.):

  &amp;lt;http://www.debian.org/releases/stable/&amp;gt;

Security announcements and information:

  &amp;lt;http://www.debian.org/security/&amp;gt;


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
&amp;lt;http://www.debian.org/&amp;gt;, send mail to &amp;lt;press@debian.org&amp;gt;, or contact
the stable release team at &amp;lt;debian-release@lists.debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Alexander Reichle-Schmehl</dc:creator>
    <dc:date>2010-11-27T23:15:04</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.linux.debian.user.announce/62">
    <title>Debian to officially welcome non-packaging contributors</title>
    <link>http://permalink.gmane.org/gmane.linux.debian.user.announce/62</link>
    <description>&lt;pre&gt;------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian to officially welcome non-packaging contributors press@debian.org
October 19th, 2010              http://www.debian.org/News/2010/20101019
------------------------------------------------------------------------

Debian to officially welcome non-packaging contributors

Today, the Debian Project has overwhelmingly decided in a General
Resolution[1] to formally acknowledge the contribution made by many
people who help Debian in ways other than maintaining packages - by
opening up the process of becoming an officially recognised Debian
Developer.

While the Debian Project has always welcomed non-packaging contributors,
for example documentation writers and translators, there was low takeup
of official Debian Developer status (including full voting rights and
other privileges). As there was no clear documented procedure for these
non-packaging contributors, it was handled on a case-by-case basis.

It was decided to end this nuisance by finally welcoming all
contributors, regardless of the nature of their contribution into the
heart of the Debian Project and invite the Debian Account managers to
establish procedures to evaluate and accept non-packaging contributors.

  1: http://www.debian.org/vote/2010/vote_002


About Debian
------------

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free, community project. Since then the project has grown to be one of
the largest and most influential open source projects. Over three
thousand volunteers from all over the world work together to create and
maintain Debian software. Translated into over 30 languages, and
supporting a huge range of computer types, Debian calls itself the
"universal operating system".


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to &amp;lt;press@debian.org&amp;gt;.


&lt;/pre&gt;</description>
    <dc:creator>Alexander Reichle-Schmehl</dc:creator>
    <dc:date>2010-10-19T11:33:24</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.linux.debian.user.announce">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.linux.debian.user.announce</link>
  </textinput>
</rdf:RDF>

