Milton Labanda wrote:
Alguien sabe cuando saldr'a Debian 6.0
El 30 de enero de 2010 21:47, José Miguel Parrella Romero
<[email protected] <mailto:[email protected]>> escribió:
-------------------------------------------------------------------------
The Debian Project
http://www.debian.org/
Debian GNU/Linux 5.0 updated
[email protected] <mailto:[email protected]>
January 30th, 2010
http://www.debian.org/News/2010/20100130
-------------------------------------------------------------------------
Debian GNU/Linux 5.0 updated
The Debian project is pleased to announce the fourth update of its
stable
distribution Debian GNU/Linux 5.0 (codename "lenny"). This update
mainly
adds corrections for security problems to the stable release,
along with
a few adjustments for serious problems.
Please note that this update does not constitute a new version of
Debian
GNU/Linux 5.0 but only updates some of the packages included.
There is
no need to throw away 5.0 CDs or DVDs but only to update via an up-to-
date Debian mirror after an installation, to cause any out of date
packages to be updated.
Those who frequently install updates from security.debian.org
<http://security.debian.org> won't have
to update many packages and most updates from security.debian.org
<http://security.debian.org> are
included in this update.
New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive
respectively will
be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual
page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
<http://www.debian.org/distrib/ftplist>
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the
following packages:
Package Reason
alien-arena Fix remote arbitrary code execution
amarok Apply regex update to make
Wikipedia tab work again
apache2 Several issues
backup-manager Fix possible mysql password
leakage to local users
backuppc Prohibit editing of client name
alias to avoid unauthorised file access
base-files Update /etc/debian_version to
reflect the point release
choose-mirror Improve suite selection and
validation of suites available on selected mirror
clock-setup Correctly handle system dates
before epoch
consolekit Don't create
pam-foreground-compat tag files for remote users
debmirror Compress packages files using
--rsyncable so they match the files from the archive
devscripts Update a number of scripts to
understand squeeze and lenny-backports
dhcp3 Fix memory leak and SIGPIPE in
LDAP code
dpkg Various fixes to new source
package format support
drupal6 Fix XSS issues in Contact and
Menu moduels
fam Fix 100% CPU usage in famd
fetchmail Fix init script dependencies;
don't complain about missing configuration when disabled
firebird2.0 Fix DOS via malformed message
gchempaint Fix segmentation fault
gdebi Fix gksu call to not pass an
option that the Debian package doesn't support
geneweb Correctly handle database with
names containing whitespace in the postinst
ghc6 Fix deadlock bug on 64-bit
architectures
glib2.0 Fix g_file_copy to correctly
set permissions of target files
glibc Fix bug in realloc() when
enlarging a memory allocation
gnash Reduce messages produced by the
browser plugin to avoid filling .xsession-errors
gnome-system-tools Don't change root's home
directory when editing the user and fix group creation dialog
haproxy Several stability and crash fixes
kazehakase Disallow adding bookmarks for
data:/javascript: URIs (CVE-2007-1084)
killer Correctly handle long usernames
in the ruser field
libcgi-pm-perl Fix unwanted ISO-8859-1 ->
UTF-8 conversion in CGI::Util::escape()
libdbd-mysql-perl Fix segmentation faults caused
by auto_reconnect
libdbd-pg-perl Correctly handle high-bit
characters
libfinance-quote-perl Fix ordering of fields in Yahoo
data
linux-2.6 Several corrections
linux-kernel-di-alpha-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-arm-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-armel-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-hppa-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-i386-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-mips-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-s390-2.6 Rebuild against linux-2.6 2.6.26-21
linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 2.6.26-21
lkl Rebuild to get new MD5 sum
(previous sum was causing FPs from antivirus)
movabletype-opensource Disable mt-wizard.cgi by default
munin Fix CPU usage graphs to account
for changes in kernel reporting
mysql-dfsg-5.0 Revert "dummy thread"
workaround which causes segfaults and fix crash when using GIS
functions
nss-ldapd Treat usernames and other
lookups as case-sensitive
openttd Fix remote crash vulnerability
otrs2 Don't globally limit
MaxRequestsPerChild on Apache or reject valid domains
partman-auto-crypto Avoid triggering unsafe swap
warning when setting up LVM
planet-venus Enhance escaping of processed feeds
proftpd-dfsg SSL certificate verification
weakness
pyenchant Make add_to_personal() work again
python-docutils Fix insecure temporary file
usage in reStructuredText Emacs mode
python-xml Fix two denials of service
qcontrol Create persistent input device
to handle changes in udev 0.125-7+lenny3
redhat-cluster Fix problem with resource failover
request-tracker3.6 Session hijack vulnerability
roundup Fix pagination regression
caused by security fix
samba Fix regression in name mangling
serveez Fix remote buffer overflow
shadow Fix handling of long lines in
the user or group files
spamassassin Don't consider dates in 2010
"grossly in the future"
system-tools-backends Fix regression in operation of
some elements
texlive-bin Fix crash with large files
tor Fix crash due to race condition
and update authority keys
totem Update youtube plugin to match
changes to the site
tzdata Update timezone data
usbutils Update USB IDs
user-mode-linux Rebuild against
linux-source-2.6.26 2.6.26-21
vpb-driver Fix Asterisk crash with missing
config file
watchdog Ensure daemon really has ended
before starting a new one
webauth Avoid inadvertently including
passwords in cookie test URLs
wireshark Several vulnerabilities
xfs Fix temporary directory usage
in the init script
xscreensaver Fix local screen lock bypass
vulnerability
A number of packages were rebuilt on the alpha, amd64 and ia64
architectures to incorporate the fix from the updated ghc6 package:
alex arch2darcs
bnfc c2hs
dfsbuild drift
cpphs darcs
darcs-buildpackage darcs-monitor
datapacker frown
geordi haddock
happy haskell-utils
hat helium
hmake hpodder
hscolour lhs2tex
kaya pxsl-tools
srcinst uuagc
whitespace xmonad
Debian Installer
----------------
The Debian Installer has been updated in this point release to offer
better support for installation of the "oldstable" distribution
and from
archive.debian.org <http://archive.debian.org>. The new installer
also allows the system date to be
updated using NTP if it is before January 1st, 1970 at boot time.
The kernel image used by the installer has been updated to
incorporate a
number of important and security-related fixes together with
support for
additional hardware.
An update to the udev package in the previous point release
unfortunately led to the LEDs and on-board buzzer of arm/armel-based
QNAP NAS devices not operating during installs. This is rectified in
the new installer release.
Finally, it is once again possible to use the installer on the S/390
architecture by booting from CD.
Security Updates
----------------
This revision adds the following security updates to the stable
release.
The Security Team has already released an advisory for each of
these updates:
Advisory ID Package Correction(s)
DSA 1796 libwmf Denial of service
DSA 1825 nagios3 Arbitrary code execution
DSA 1835 tiff Several vulnerabilities
DSA 1836 fckeditor Arbitrary code execution
DSA 1837 dbus Denial of service
DSA 1839 gst-plugins-good0.10 Arbitrary code execution
DSA 1849 xml-security-c Signature forgery
DSA 1850 libmodplug Arbitrary code execution
DSA 1860 ruby1.9 Several issues
DSA 1863 zope2.10 Arbitrary code execution
DSA 1866 kdegraphics Several vulnerabilities
DSA 1868 kde4libs Several vulnerabilities
DSA 1878 devscripts Remote code execution
DSA 1879 silc-client Arbitrary code execution
DSA 1879 silc-toolkit Arbitrary code execution
DSA 1880 openoffice.org <http://openoffice.org>
Arbitrary code execution
DSA 1882 xapian-omega Cross-site scripting
DSA 1884 nginx Arbitrary code execution
DSA 1885 xulrunner Several vulnerabilities
DSA 1886 iceweasel Several vulnerabilities
DSA 1887 rails Cross-site scripting
DSA 1888 openssl Deprecate MD2 hash
signatures
DSA 1889 icu Security bypass due to
multibyte sequence parsing
DSA 1890 wxwidgets2.6 Arbitrary code execution
DSA 1890 wxwidgets2.8 Arbitrary code execution
DSA 1891 changetrack Arbitrary code execution
DSA 1892 dovecot Arbitrary code execution
DSA 1893 cyrus-imapd-2.2 Arbitrary code execution
DSA 1893 kolab-cyrus-imapd Arbitrary code execution
DSA 1894 newt Arbitrary code execution
DSA 1895 opensaml2 Interpretation conflict
DSA 1895 shibboleth-sp2 Interpretation conflict
DSA 1895 xmltooling Potential code execution
DSA 1896 opensaml Potential code execution
DSA 1896 shibboleth-sp Potential code execution
DSA 1897 horde3 Arbitrary code execution
DSA 1898 openswan Denial of service
DSA 1899 strongswan Denial of service
DSA 1900 postgresql-8.3 Various problems
DSA 1903 graphicsmagick Several vulnerabilities
DSA 1904 wget SSL certificate
verification weakness
DSA 1905 python-django Denial of service
DSA 1907 kvm Several vulnerabilities
DSA 1908 samba Several vulnerabilities
DSA 1909 postgresql-ocaml Missing escape function
DSA 1910 mysql-ocaml Missing escape function
DSA 1911 pygresql Missing escape function
DSA 1912 advi Arbitrary code execution
DSA 1912 camlimages Arbitrary code execution
DSA 1913 bugzilla SQL injection
DSA 1914 mapserver Serveral vulnerabilities
DSA 1915 linux-2.6 Several vulnerabilities
DSA 1915 user-mode-linux Several vulnerabilities
DSA 1916 kdelibs SSL certificate
verification weakness
DSA 1917 mimetex Several vulnerabilities
DSA 1918 phpmyadmin Several vulnerabilities
DSA 1919 smarty Several vulnerabilities
DSA 1920 nginx Denial of service
DSA 1921 expat Denial of service
DSA 1922 xulrunner Several vulnerabilities
DSA 1923 libhtml-parser-perl Denial of service
DSA 1924 mahara Several vulnerabilities
DSA 1925 proftpd-dfsg SSL certificate
verification weakness
DSA 1926 typo3-src Several vulnerabilities
DSA 1930 drupal6 Several vulnerabilities
DSA 1931 nspr Several vulnerabilities
DSA 1932 pidgin Arbitrary code execution
DSA 1933 cups Cross-site scripting
DSA 1934 apache2 Several issues
DSA 1934 apache2-mpm-itk Several issues
DSA 1935 gnutls26 SSL certificate NUL byte
vulnerability
DSA 1936 libgd2 Several vulnerabilities
DSA 1937 gforge Cross-site scripting
DSA 1938 php-mail Insufficient input
sanitising
DSA 1939 libvorbis Several vulnerabilities
DSA 1940 php5 Multiple issues
DSA 1941 poppler Several vulnerabilities
DSA 1942 wireshark Several vulnerabilities
DSA 1944 request-tracker3.6 Session hijack vulnerability
DSA 1945 gforge Denial of service
DSA 1947 opensaml2 Cross-site scripting
DSA 1947 shibboleth-sp Cross-site scripting
DSA 1947 shibboleth-sp2 Cross-site scripting
DSA 1948 ntp Denial of service
DSA 1949 php-net-ping Arbitrary code execution
DSA 1950 webkit Several vulnerabilities
DSA 1951 firefox-sage Insufficient input
sanitizing
DSA 1952 asterisk Several vulnerabilities
DSA 1953 expat Denial of service
DSA 1954 cacti Insufficient input
sanitising
DSA 1956 xulrunner Several vulnerabilities
DSA 1957 aria2 Arbitrary code execution
DSA 1958 libtool Privilege escalation
DSA 1959 ganeti Arbitrary command execution
DSA 1960 acpid Weak file permissions
DSA 1961 bind9 Cache poisoning
DSA 1962 kvm Several vulnerabilities
DSA 1963 unbound DNSSEC validation
DSA 1964 postgresql-8.3 Several vulnerabilities
DSA 1965 phpldapadmin Remote file inclusion
DSA 1966 horde3 Cross-site scripting
DSA 1967 transmission Directory traversal
DSA 1968 pdns-recursor Potential code execution
DSA 1969 krb5 Denial of service
DSA 1970 openssl Denial of service
DSA 1971 libthai Arbitrary code execution
DSA 1972 audiofile Buffer overflow
DSA 1974 gzip Arbitrary code execution
DSA 1976 dokuwiki Several vulnerabilities
DSA 1978 phpgroupware Several vulnerabilities
DSA 1979 lintian Multiple vulnerabilities
DSA 1980 ircd-hybrid Arbitrary code execution
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
Package Reason
destar Security issues; unmaintained; abandoned
upstream
electricsheep No longer functional
gnudip Security issues; unmaintained; abandoned
upstream
kcheckgmail No longer functional
libgnucrypto-java Security issues; obsolete
Additionally those parts of the libwww-search-perl and
libperl4caml-ocaml-dev packages which rely on the Google SOAP search
API (provided by libnet-google-perl) are no longer functional as the
API has been retired by Google. The remaining portions of the
packages will continue to function as before.
URLs
----
The complete lists of packages that have changed with this revision:
<http://ftp.debian.org/debian/dists/lenny/ChangeLog>
The current stable distribution:
<http://ftp.debian.org/debian/dists/stable>
Proposed updates to the stable distribution:
<http://ftp.debian.org/debian/dists/proposed-updates>
stable distribution information (release notes, errata etc.):
<http://www.debian.org/releases/stable/>
Security announcements and information:
<http://www.debian.org/security/>
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free
operating system Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <[email protected]
<mailto:[email protected]>>, or contact the
stable release team at <[email protected]
<mailto:[email protected]>>
--
To UNSUBSCRIBE, email to [email protected]
<mailto:[email protected]>
with a subject of "unsubscribe". Trouble? Contact
[email protected] <mailto:[email protected]>
_______________________________________________
Espiral mailing list
[email protected] <mailto:[email protected]>
http://debian.ec/cgi-bin/mailman/listinfo/espiral
--
/\/\;/-----------------------------------------------------
Milton Leonardo Labanda Jaramillo[1000tonlab]
Distro: Debian GNU/Linux Lenny 5.0
Blog: http://1000tonlab.wordpress.com
"Solamente la libertad que se somete a la Verdad
conduce a la persona humana a su verdadero
bien.... ". Juan Pablo II
(:\ Usa Software Legal, usa Software Libre /:)
------------------------------------------------------------------------
_______________________________________________
Espiral mailing list
[email protected]
http://debian.ec/cgi-bin/mailman/listinfo/espiral
No hay fecha todavia inclusive ni siquiera esta congelado, yo uso
testing desde hace rato y ya esta muy estable realmente, cuando lo
congelen ya no entraran nuevas versiones solo correcciones de paquetes y
esta casi lista.
PD: Milton aunq gmail insita a responder arriba siempre es mejor hacerlo
abajo del texto, para evitar el top-posting
http://es.wikipedia.org/wiki/Top-posting inténtalo
Saludos
_______________________________________________
Espiral mailing list
[email protected]
http://debian.ec/cgi-bin/mailman/listinfo/espiral
