Alguien sabe cuando saldr'a Debian 6.0 El 30 de enero de 2010 21:47, José Miguel Parrella Romero < [email protected]> escribió:
> > > ------------------------------------------------------------------------- > The Debian Project http://www.debian.org/ > Debian GNU/Linux 5.0 updated [email protected] > January 30th, 2010 http://www.debian.org/News/2010/20100130 > ------------------------------------------------------------------------- > > Debian GNU/Linux 5.0 updated > > The Debian project is pleased to announce the fourth update of its stable > distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly > adds corrections for security problems to the stable release, along with > a few adjustments for serious problems. > > Please note that this update does not constitute a new version of Debian > GNU/Linux 5.0 but only updates some of the packages included. There is > no need to throw away 5.0 CDs or DVDs but only to update via an up-to- > date Debian mirror after an installation, to cause any out of date > packages to be updated. > > Those who frequently install updates from security.debian.org won't have > to update many packages and most updates from security.debian.org are > included in this update. > > New CD and DVD images containing updated packages and the regular > installation media accompanied with the package archive respectively will > be available soon at the regular locations. > > Upgrading to this revision online is usually done by pointing the > aptitude (or apt) package tool (see the sources.list(5) manual page) to > one of Debian's many FTP or HTTP mirrors. A comprehensive list of > mirrors is available at: > > <http://www.debian.org/distrib/ftplist> > > > Miscellaneous Bugfixes > ---------------------- > > This stable update adds a few important corrections to the following > packages: > > Package Reason > > alien-arena Fix remote arbitrary code execution > amarok Apply regex update to make Wikipedia tab > work again > apache2 Several issues > backup-manager Fix possible mysql password leakage to > local users > backuppc Prohibit editing of client name alias to > avoid unauthorised file access > base-files Update /etc/debian_version to reflect > the point release > choose-mirror Improve suite selection and validation > of suites available on selected mirror > clock-setup Correctly handle system dates before > epoch > consolekit Don't create pam-foreground-compat tag > files for remote users > debmirror Compress packages files using > --rsyncable so they match the files from the archive > devscripts Update a number of scripts to understand > squeeze and lenny-backports > dhcp3 Fix memory leak and SIGPIPE in LDAP code > dpkg Various fixes to new source package > format support > drupal6 Fix XSS issues in Contact and Menu > moduels > fam Fix 100% CPU usage in famd > fetchmail Fix init script dependencies; don't > complain about missing configuration when disabled > firebird2.0 Fix DOS via malformed message > gchempaint Fix segmentation fault > gdebi Fix gksu call to not pass an option that > the Debian package doesn't support > geneweb Correctly handle database with names > containing whitespace in the postinst > ghc6 Fix deadlock bug on 64-bit architectures > glib2.0 Fix g_file_copy to correctly set > permissions of target files > glibc Fix bug in realloc() when enlarging a > memory allocation > gnash Reduce messages produced by the browser > plugin to avoid filling .xsession-errors > gnome-system-tools Don't change root's home directory when > editing the user and fix group creation dialog > haproxy Several stability and crash fixes > kazehakase Disallow adding bookmarks for > data:/javascript: URIs (CVE-2007-1084) > killer Correctly handle long usernames in the > ruser field > libcgi-pm-perl Fix unwanted ISO-8859-1 -> UTF-8 > conversion in CGI::Util::escape() > libdbd-mysql-perl Fix segmentation faults caused by > auto_reconnect > libdbd-pg-perl Correctly handle high-bit characters > libfinance-quote-perl Fix ordering of fields in Yahoo data > linux-2.6 Several corrections > linux-kernel-di-alpha-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-arm-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-armel-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-hppa-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-i386-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-mips-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-s390-2.6 Rebuild against linux-2.6 2.6.26-21 > linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 2.6.26-21 > lkl Rebuild to get new MD5 sum (previous sum > was causing FPs from antivirus) > movabletype-opensource Disable mt-wizard.cgi by default > munin Fix CPU usage graphs to account for > changes in kernel reporting > mysql-dfsg-5.0 Revert "dummy thread" workaround which > causes segfaults and fix crash when using GIS functions > nss-ldapd Treat usernames and other lookups as > case-sensitive > openttd Fix remote crash vulnerability > otrs2 Don't globally limit MaxRequestsPerChild > on Apache or reject valid domains > partman-auto-crypto Avoid triggering unsafe swap warning > when setting up LVM > planet-venus Enhance escaping of processed feeds > proftpd-dfsg SSL certificate verification weakness > pyenchant Make add_to_personal() work again > python-docutils Fix insecure temporary file usage in > reStructuredText Emacs mode > python-xml Fix two denials of service > qcontrol Create persistent input device to handle > changes in udev 0.125-7+lenny3 > redhat-cluster Fix problem with resource failover > request-tracker3.6 Session hijack vulnerability > roundup Fix pagination regression caused by > security fix > samba Fix regression in name mangling > serveez Fix remote buffer overflow > shadow Fix handling of long lines in the user > or group files > spamassassin Don't consider dates in 2010 "grossly in > the future" > system-tools-backends Fix regression in operation of some > elements > texlive-bin Fix crash with large files > tor Fix crash due to race condition and > update authority keys > totem Update youtube plugin to match changes > to the site > tzdata Update timezone data > usbutils Update USB IDs > user-mode-linux Rebuild against linux-source-2.6.26 > 2.6.26-21 > vpb-driver Fix Asterisk crash with missing config > file > watchdog Ensure daemon really has ended before > starting a new one > webauth Avoid inadvertently including passwords > in cookie test URLs > wireshark Several vulnerabilities > xfs Fix temporary directory usage in the > init script > xscreensaver Fix local screen lock bypass > vulnerability > > A number of packages were rebuilt on the alpha, amd64 and ia64 > architectures to incorporate the fix from the updated ghc6 package: > > alex arch2darcs > bnfc c2hs > dfsbuild drift > cpphs darcs > darcs-buildpackage darcs-monitor > datapacker frown > geordi haddock > happy haskell-utils > hat helium > hmake hpodder > hscolour lhs2tex > kaya pxsl-tools > srcinst uuagc > whitespace xmonad > > > Debian Installer > ---------------- > > The Debian Installer has been updated in this point release to offer > better support for installation of the "oldstable" distribution and from > archive.debian.org. The new installer also allows the system date to be > updated using NTP if it is before January 1st, 1970 at boot time. > > The kernel image used by the installer has been updated to incorporate a > number of important and security-related fixes together with support for > additional hardware. > > An update to the udev package in the previous point release > unfortunately led to the LEDs and on-board buzzer of arm/armel-based > QNAP NAS devices not operating during installs. This is rectified in > the new installer release. > > Finally, it is once again possible to use the installer on the S/390 > architecture by booting from CD. > > > Security Updates > ---------------- > > This revision adds the following security updates to the stable release. > The Security Team has already released an advisory for each of these > updates: > > Advisory ID Package Correction(s) > > DSA 1796 libwmf Denial of service > DSA 1825 nagios3 Arbitrary code execution > DSA 1835 tiff Several vulnerabilities > DSA 1836 fckeditor Arbitrary code execution > DSA 1837 dbus Denial of service > DSA 1839 gst-plugins-good0.10 Arbitrary code execution > DSA 1849 xml-security-c Signature forgery > DSA 1850 libmodplug Arbitrary code execution > DSA 1860 ruby1.9 Several issues > DSA 1863 zope2.10 Arbitrary code execution > DSA 1866 kdegraphics Several vulnerabilities > DSA 1868 kde4libs Several vulnerabilities > DSA 1878 devscripts Remote code execution > DSA 1879 silc-client Arbitrary code execution > DSA 1879 silc-toolkit Arbitrary code execution > DSA 1880 openoffice.org Arbitrary code execution > DSA 1882 xapian-omega Cross-site scripting > DSA 1884 nginx Arbitrary code execution > DSA 1885 xulrunner Several vulnerabilities > DSA 1886 iceweasel Several vulnerabilities > DSA 1887 rails Cross-site scripting > DSA 1888 openssl Deprecate MD2 hash signatures > DSA 1889 icu Security bypass due to multibyte > sequence parsing > DSA 1890 wxwidgets2.6 Arbitrary code execution > DSA 1890 wxwidgets2.8 Arbitrary code execution > DSA 1891 changetrack Arbitrary code execution > DSA 1892 dovecot Arbitrary code execution > DSA 1893 cyrus-imapd-2.2 Arbitrary code execution > DSA 1893 kolab-cyrus-imapd Arbitrary code execution > DSA 1894 newt Arbitrary code execution > DSA 1895 opensaml2 Interpretation conflict > DSA 1895 shibboleth-sp2 Interpretation conflict > DSA 1895 xmltooling Potential code execution > DSA 1896 opensaml Potential code execution > DSA 1896 shibboleth-sp Potential code execution > DSA 1897 horde3 Arbitrary code execution > DSA 1898 openswan Denial of service > DSA 1899 strongswan Denial of service > DSA 1900 postgresql-8.3 Various problems > DSA 1903 graphicsmagick Several vulnerabilities > DSA 1904 wget SSL certificate verification > weakness > DSA 1905 python-django Denial of service > DSA 1907 kvm Several vulnerabilities > DSA 1908 samba Several vulnerabilities > DSA 1909 postgresql-ocaml Missing escape function > DSA 1910 mysql-ocaml Missing escape function > DSA 1911 pygresql Missing escape function > DSA 1912 advi Arbitrary code execution > DSA 1912 camlimages Arbitrary code execution > DSA 1913 bugzilla SQL injection > DSA 1914 mapserver Serveral vulnerabilities > DSA 1915 linux-2.6 Several vulnerabilities > DSA 1915 user-mode-linux Several vulnerabilities > DSA 1916 kdelibs SSL certificate verification > weakness > DSA 1917 mimetex Several vulnerabilities > DSA 1918 phpmyadmin Several vulnerabilities > DSA 1919 smarty Several vulnerabilities > DSA 1920 nginx Denial of service > DSA 1921 expat Denial of service > DSA 1922 xulrunner Several vulnerabilities > DSA 1923 libhtml-parser-perl Denial of service > DSA 1924 mahara Several vulnerabilities > DSA 1925 proftpd-dfsg SSL certificate verification > weakness > DSA 1926 typo3-src Several vulnerabilities > DSA 1930 drupal6 Several vulnerabilities > DSA 1931 nspr Several vulnerabilities > DSA 1932 pidgin Arbitrary code execution > DSA 1933 cups Cross-site scripting > DSA 1934 apache2 Several issues > DSA 1934 apache2-mpm-itk Several issues > DSA 1935 gnutls26 SSL certificate NUL byte > vulnerability > DSA 1936 libgd2 Several vulnerabilities > DSA 1937 gforge Cross-site scripting > DSA 1938 php-mail Insufficient input sanitising > DSA 1939 libvorbis Several vulnerabilities > DSA 1940 php5 Multiple issues > DSA 1941 poppler Several vulnerabilities > DSA 1942 wireshark Several vulnerabilities > DSA 1944 request-tracker3.6 Session hijack vulnerability > DSA 1945 gforge Denial of service > DSA 1947 opensaml2 Cross-site scripting > DSA 1947 shibboleth-sp Cross-site scripting > DSA 1947 shibboleth-sp2 Cross-site scripting > DSA 1948 ntp Denial of service > DSA 1949 php-net-ping Arbitrary code execution > DSA 1950 webkit Several vulnerabilities > DSA 1951 firefox-sage Insufficient input sanitizing > DSA 1952 asterisk Several vulnerabilities > DSA 1953 expat Denial of service > DSA 1954 cacti Insufficient input sanitising > DSA 1956 xulrunner Several vulnerabilities > DSA 1957 aria2 Arbitrary code execution > DSA 1958 libtool Privilege escalation > DSA 1959 ganeti Arbitrary command execution > DSA 1960 acpid Weak file permissions > DSA 1961 bind9 Cache poisoning > DSA 1962 kvm Several vulnerabilities > DSA 1963 unbound DNSSEC validation > DSA 1964 postgresql-8.3 Several vulnerabilities > DSA 1965 phpldapadmin Remote file inclusion > DSA 1966 horde3 Cross-site scripting > DSA 1967 transmission Directory traversal > DSA 1968 pdns-recursor Potential code execution > DSA 1969 krb5 Denial of service > DSA 1970 openssl Denial of service > DSA 1971 libthai Arbitrary code execution > DSA 1972 audiofile Buffer overflow > DSA 1974 gzip Arbitrary code execution > DSA 1976 dokuwiki Several vulnerabilities > DSA 1978 phpgroupware Several vulnerabilities > DSA 1979 lintian Multiple vulnerabilities > DSA 1980 ircd-hybrid Arbitrary code execution > > > Removed packages > ---------------- > > The following packages were removed due to circumstances beyond our > control: > > Package Reason > > destar Security issues; unmaintained; abandoned upstream > electricsheep No longer functional > gnudip Security issues; unmaintained; abandoned upstream > kcheckgmail No longer functional > libgnucrypto-java Security issues; obsolete > > Additionally those parts of the libwww-search-perl and > libperl4caml-ocaml-dev packages which rely on the Google SOAP search > API (provided by libnet-google-perl) are no longer functional as the > API has been retired by Google. The remaining portions of the > packages will continue to function as before. > > > URLs > ---- > > The complete lists of packages that have changed with this revision: > > <http://ftp.debian.org/debian/dists/lenny/ChangeLog> > > The current stable distribution: > > <http://ftp.debian.org/debian/dists/stable> > > Proposed updates to the stable distribution: > > <http://ftp.debian.org/debian/dists/proposed-updates> > > stable distribution information (release notes, errata etc.): > > <http://www.debian.org/releases/stable/> > > Security announcements and information: > > <http://www.debian.org/security/> > > > About Debian > ------------ > > The Debian Project is an association of Free Software developers who > volunteer their time and effort in order to produce the completely free > operating system Debian GNU/Linux. > > > Contact Information > ------------------- > > For further information, please visit the Debian web pages at > <http://www.debian.org/>, send mail to <[email protected]>, or contact the > stable release team at <[email protected]> > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > > > _______________________________________________ > Espiral mailing list > [email protected] > http://debian.ec/cgi-bin/mailman/listinfo/espiral > > -- /\/\;/----------------------------------------------------- Milton Leonardo Labanda Jaramillo[1000tonlab] Distro: Debian GNU/Linux Lenny 5.0 Blog: http://1000tonlab.wordpress.com "Solamente la libertad que se somete a la Verdad conduce a la persona humana a su verdadero bien.... ". Juan Pablo II (:\ Usa Software Legal, usa Software Libre /:)
_______________________________________________ Espiral mailing list [email protected] http://debian.ec/cgi-bin/mailman/listinfo/espiral
