[nflug] Debian GNU/Linux 3.1 updated

Robert Wolfe robert at niagara-panux.com
Mon Dec 31 20:59:23 EST 2007


------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 3.1 updated                            press at debian.org
December 27th, 2007             http://www.debian.org/News/2007/20071228
------------------------------------------------------------------------

Debian GNU/Linux 3.1 updated

The Debian project is pleased to announce the seventh update of its
old stable distribution Debian GNU/Linux 3.1 (codename `sarge').  This
is the first time we update the old stable distribution during the
lifetime of the stable distribution.  This update mainly adds
corrections for security problems to the oldstable release, along with
a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 3.1 but only updates some of the packages included.  There is
no need to throw away 3.1 CDs or DVDs but only to update against
ftp.debian.org after an installation, in order to incorporate those late
changes.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
`aptitude' (or `apt') package tool (see the sources.list(5) manual
page) to one of Debian's many FTP or HTTP mirrors.  A comprehensive
list of mirrors is available at:

   <http://www.debian.org/distrib/ftplist>


Debian-Installer Update
-----------------------

With this release the installation system for sarge gains full support for
installing `oldstable' from network mirrors.  This includes base-config.

The installer also uses and supports the updated kernels included in this
revision.  This causes old netboot and floppy images to stop working,
updated versions are available from the regular locations.

Other changes are a final fix to prevent leakage of sensitive data through
saved log files and a minor fix in the partman-jfs component.


Miscellaneous Bugfixes
----------------------

This update adds several binary-only updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

  Package                     Reason

  adesklets                   Bring architectures back in sync
  agenda.app                  Bring architectures back in sync
  antlr                       Bring architectures back in sync
  apache2                     Fix several minor vulnerabilities
  asterisk-spandsp-plugins    Bring architectures back in sync
  atomix                      Bring architectures back in sync
  bazaar                      Bring architectures back in sync
  camediaplay                 Bring architectures back in sync
  commons-daemon              Bring architectures back in sync
  debtags-edit                Bring architectures back in sync
  fai-kernels                 Rebuild against latest kernel update
  fet                         Bring architectures back in sync
  freepops                    Bring architectures back in sync
  gaim-encryption             Bring architectures back in sync
  gff2aplot                   Bring architectures back in sync
  gnuradio-core               Bring architectures back in sync
  gr-audio-oss                Bring architectures back in sync
  iroffer                     Bring architectures back in sync
  joystick                    Bring architectures back in sync
  k3d                         Bring architectures back in sync
  kdissert                    Bring architectures back in sync
  kernel-latest-2.6-alpha     Meta package for new kernel ABI
  kernel-latest-2.6-amd64     Meta package for new kernel ABI
  kernel-latest-2.6-hppa      Meta package for new kernel ABI
  kernel-latest-2.6-i386      Meta package for new kernel ABI
  kernel-latest-2.6-sparc     Meta package for new kernel ABI
  kernel-latest-2.6-powerpc   Meta package for new kernel ABI
  kernel-source-2.6.8         Several fixes and driver updates
  kexi                        Bring architectures back in sync
  kimdaba                     Bring architectures back in sync
  leafpad                     Bring architectures back in sync
  libdbd-sqlite2-perl         Bring architectures back in sync
  libgconf-java               Bring architectures back in sync
  libglade-java               Bring architectures back in sync
  libgnome-java               Bring architectures back in sync
  ocaml-http                  Bring architectures back in sync
  octaviz                     Bring architectures back in sync
  osspsa                      Bring architectures back in sync
  paje.app                    Bring architectures back in sync
  pasmo                       Bring architectures back in sync
  plptools                    Bring architectures back in sync
  pwlib                       Fix remote denial of service
  python-biopython            Bring architectures back in sync
  realtimebattle              Bring architectures back in sync
  scalapack                   Bring architectures back in sync
  skippy                      Bring architectures back in sync
  swt-gtk                     Bring architectures back in sync
  vgrabbj                     Bring architectures back in sync
  visitors                    Bring architectures back in sync
  wesnoth                     Fix denial of service
  ximian-connector            Bring architectures back in sync
  xwine                       Bring architectures back in sync


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.

Advisory ID    Package                  Correction(s)

  DSA 1267    webcalendar              Remote file inclusion
  DSA 1282    php4                     Several vulnerabilities
  DSA 1284    qemu                     Several vulnerabilities
  DSA 1287    ldap-account-manager     Several vulnerabilities
  DSA 1290    squirrelmail             Cross-site scripting
  DSA 1291    samba                    Several vulnerabilities
  DSA 1293    quagga                   Denial of service
  DSA 1294    rdesktop                 Several vulnerabilities
  DSA 1294    xfree86                  Several vulnerabilities
  DSA 1307    openoffice.org           Arbitrary code execution
  DSA 1310    libexif                  Arbitrary code execution
  DSA 1311    postgresql               Privilege escalation
  DSA 1312    libapache-mod-jk         Information disclosure
  DSA 1323    krb5                     Several vulnerabilities
  DSA 1325    evolution                Several vulnerabilities
  DSA 1326    fireflier                Unsafe temporary files
  DSA 1329    gfax                     Privilege escalation
  DSA 1331    php4                     Arbitrary code execution
  DSA 1332    vlc                      Arbitrary code execution
  DSA 1334    freetype                 Arbitrary code execution
  DSA 1335    gimp                     Arbitrary code execution
  DSA 1336    mozilla-firefox          Several vulnerabilities
  DSA 1342    bind9                    DNS cache poisoning
  DSA 1343    file                     Arbitrary code execution
  DSA 1347    xpdf                     Arbitrary code execution
  DSA 1349    libextractor             Arbitrary code execution
  DSA 1350    tetex-bin                Arbitrary code execution
  DSA 1351    bochs                    Privilege escalation
  DSA 1352    pdfkit.framework         Arbitrary code execution
  DSA 1353    tcpdump                  Arbitrary code execution
  DSA 1354    gpdf                     Arbitrary code execution
  DSA 1358    asterisk                 Several vulnerabilitie
  DSA 1364    vim                      Several vulnerabilites
  DSA 1421    wesnoth                  Arbitrary file disclosure
  DSA 1426    qt-x11-free              Several vulnerabilities
  DSA 1427    samba                    Arbitrary code execution
  DSA 1433    centericq                Arbitrary code execution
  DSA 1435    clamav                   Several vulnerabilities


The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

 <http://release.debian.org/oldstable/3.1/3.1r7/>


URLs
----

The complete lists of packages that have changed with this revision:

 <http://ftp.debian.org/debian/dists/sarge/ChangeLog>

The current oldstable distribution:

 <http://ftp.debian.org/debian/dists/oldstable>

Proposed updates to the oldstable distribution:

 <http://ftp.debian.org/debian/dists/oldstable-proposed-updates>

Oldstable distribution information (release notes, errata etc.):

 <http://www.debian.org/releases/oldstable/>

Security announcements and information:

 <http://www.debian.org/security/>


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press at debian.org>, or
contact the stable release team at <debian-release at lists.debian.org>.


--
To UNSUBSCRIBE, email to debian-announce-REQUEST at lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster at lists.debian.org


More information about the nflug mailing list