[Technik] Debian GNU/Linux 4.0 updated

Noèl Köthe noel at debian.org
Fri Jan 11 20:25:12 CET 2008


On Thursday, 27.12.2007, at 13:03 +0100, Alexander Schmehl wrote:

> The Debian Project                                http://www.debian.org/
> Debian GNU/Linux 4.0 updated                            press at debian.org
> December 27th, 2007             http://www.debian.org/News/2007/20071227
> 
> Debian GNU/Linux 4.0 updated

Our etch machines have been updated with the available bugfix
packages.

> Miscellaneous Bugfixes
> ----------------------

>    Package                 Reason
> 
>    apache2                 Fix of several CVEs

apache2 (2.2.3-4+etch3) stable; urgency=low

  * fix CVE-2007-3847: DoS in mod_proxy (for threaded MPMs)
    (Closes: #441845)
  * Don't eat all memory on graceful restart when config has changed
    from many listening sockets to one (Closes: #443196)

 -- Stefan Fritsch <sf at debian.org>  Sat, 15 Sep 2007 11:33:58 +0200

>    debconf                 Fix possible hangs during netboot installs

debconf (1.5.11etch1) stable; urgency=low

  [ Colin Watson ]
  * Make sure that apt status commands and debconf protocol commands under
    debconf-apt-progress are properly interleaved. Closes: #425397

 -- Jérémy Bobbio <lunar at debian.org>  Thu, 27 Sep 2007 12:23:27 +0200

>    findutils               Fix locate heap buffer overflow (CVE-2007-2452)

findutils (4.2.28-1etch1) stable; urgency=low

  * Fix locate heap buffer overflow when using databases in old format.
    (CVE-2007-2452) Closes: #426862

 -- Andreas Metzler <ametzler at debian.org>  Sat,  2 Jun 2007 11:19:57 +0200

>    glibc                   Fix nscd crash

glibc (2.3.6.ds1-13etch4) stable; urgency=low

  * patches/any/cvs-vfscanf.diff: add additional test for EOF
    in loop to look for conversion specifier to avoid testing of
    wrong errno value.  Closes: #426000.

 -- Aurelien Jarno <aurel32 at debian.org>  Fri, 17 Aug 2007 00:24:28 +0200

glibc (2.3.6.ds1-13etch3) stable; urgency=low

  * patches/any/cvs-nscd-free.diff: fix nscd crash. Closes: #425404.

 -- Aurelien Jarno <aurel32 at debian.org>  Mon, 02 Jul 2007 00:59:13 +0200


>    libdbi-perl             Fix potential dataloss

libdbi-perl (1.53-1etch1) stable; urgency=medium

  * Applied a backported 2-line patch for a "potential" dataloss
    problem (confirmed in the changelog of 1.57) which turned out to be a 
    real problem as written by a user. I applied only the second part of 
    the user submitted patch as suggested by the DBI author.  

 -- Christian Hammers <ch at debian.org>  Sun, 19 Aug 2007 19:53:18 +0200

>    pam                     Fix CVE-2005-2977

pam (0.79-5) proposed-updates; urgency=low

  * CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an
    arbitrary username, and then only when SELinux is active.  In all other
    cases root should have privileges to access /etc/shadow directly, and
    non-root users are not allowed access under the default security policy.
    This fixes a low-impact brute-force vector when SELinux is enabled and
    running in non-enforcing mode.  Closes: #336344.

 -- Steve Langasek <vorlon at debian.org>  Sun, 21 Oct 2007 12:22:42 -0700

>    postgresql-8.1          Fix regression introduced in 8.1.9

postgresql-8.1 (8.1.9-0etch2) stable; urgency=high

  * Add debian/patches/00upstream-01-polymorphic-functions.patch:
    - Fix regression introduced in 8.1.9: Polymorphic SQL functions with an
      "anyelement" return value stopped working.
    - Patch taken from 8.1 branch of upstream CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.201.2.3&r2=1.201.2.4
    - Also backported the test cases for this. They only affect build time,
      not the built .debs, and verify that the fix works, so this should be in
      a stable update, too. Taken from upstream CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/polymorphism.out.diff?r1=1.7&r2=1.7.2.1
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/polymorphism.sql.diff?r1=1.1&r2=1.1.10.1
    - Closes: #429696

 -- Martin Pitt <mpitt at debian.org>  Sat, 23 Jun 2007 18:54:57 +0200

>    tzdata                  Recent timezone updates

tzdata (2007j-1etch1) stable; urgency=low

  * New upstream release for Etch:
    - Only the timezone definitions have been changed, all scripts are
      left unchanged.

 -- Aurelien Jarno <aurel32 at debian.org>  Mon, 10 Dec 2007 10:41:04 +0100

tzdata (2007f-1etch1) stable; urgency=low

  * New upstream release for Etch:
    - Only the timezone definitions have been changed, all scripts are
      left unchanged.
    - Includes new DST rules for New Zealand (closes: bug#433869).

 -- Aurelien Jarno <aurel32 at debian.org>  Tue, 31 Jul 2007 13:13:50 +0000

> Security Updates
> ----------------

These were already installed promptly after the DSAs became known.

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org