announcing the beginning of security support for testing

2005-09-16 Thread Moisés Jardim Pinheiro

Sent by Moisés Jardim Pinheiro
Phone: (53) 9107 8473
ICQ: 300539142
Linux User #366875

Fwd: announcing the beginning of security support for testing

2005-09-09 Thread Tiago Saboga
I think this is of general interest, and it especially complements the
discussion that was taking place under the subject "xorg".

--  Forwarded message  --

Subject: announcing the beginning of security support for testing
Date: Fri 09 Sep 2005 16:27
From: Joey Hess <[EMAIL PROTECTED]>

Debian Testing Security Team                          September 9th, 2005

Security support for testing

The Debian testing security team is pleased to announce the beginning of
full security support for Debian's testing distribution. We have spent the
past year building the team, tracking and fixing security holes, and
creating our infrastructure, and now the final pieces are in place, and
we are able to offer security updates and advisories for testing.

We invite Debian users who are currently running testing, or who would like
to switch to testing, to subscribe to the secure-testing-announce mailing
list, which is used to announce security updates:

We also invite you to add the following lines to your
/etc/apt/sources.list file, and run "apt-get update && apt-get upgrade"
to make the security updates available.

 etch/security-updates main contrib non-free
 deb-src etch/security-updates main contrib non-free

Alternatively, replace "" in the above lines with
a mirror near you: (located in Germany) (located in the Netherlands)  (located in UK) in Japan) in Sweden)

Some initial advisories have already been posted to the list and are already
available in the repository. These include:

[DTSA-1-1] New kismet packages fix remote code execution
[DTSA-2-1] New centericq packages fix multiple vulnerabilities
[DTSA-3-1] New clamav packages fix denial of service and privilege escalation
[DTSA-4-1] New ekg packages fix multiple vulnerabilities
[DTSA-5-1] New gaim packages fix multiple remote vulnerabilities
[DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities
[DTSA-7-1] New mozilla packages fix frame injection spoofing
[DTSA-8-1] New mozilla-firefox packages fix several vulnerabilities
[DTSA-9-1] New bluez-utils packages fix bad device name escaping
[DTSA-10-1] New pcre3 packages fix buffer overflow
[DTSA-11-1] New maildrop packages fix local privilege escalation
[DTSA-12-1] New vim packages fix modeline exploits
[DTSA-13-1] New evolution packages fix format string vulnerabilities

Note that while all of Debian's architectures are supported, we may release
an advisory before fixed packages have built for all supported
architectures. If so, the missing builds will become available as they

We are not currently issuing advisories for security fixes that reach
testing through normal propagation from unstable, but only for security
fixes that are made available through our repository. So users of testing
should continue to upgrade their systems on a regular basis to get such
security fixes. We might provide information about security issues that
have been fixed through regular testing propagation in the future, though.

Note that this announcement does not mean that testing is suitable for
production use. Several security issues are present in unstable, and an
even larger number are present in testing. Our beginning of security
support only means that we are now able to begin making security fixes
available for testing nearly as quickly as for unstable. The testing
security team's website has information about what security holes are still
open, and users should use this information to make their own decisions
about whether testing is secure enough for them.

Finally, we are still in the process of working out how best to serve users
of testing and keep your systems secure, and we welcome comments and
feedback about ways to do better. You can reach the testing security team

If you want to become a mirror, please see

Debian developers who would like to upload fixes for security holes in
testing to the repository can do so, following the instructions on our web

For more information about the testing security team, see our web site,

The archive signing key that is use