--- Begin Message ---
------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Debian GNU/Linux 3.1 updated press@debian.org
November 6th, 2006 http://www.debian.org/News/2006/20061106
------------------------------------------------------------------------
Debian GNU/Linux 3.1 updated
The Debian project is pleased to announce the fourth update of its
stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This
update mainly adds corrections for security problems to the stable
release, along with a few adjustment to serious problems. Those who
frequently update from security.debian.org won't have to update many
packages and most updates from security.debian.org are included in
this update.
Please note that this update does not constitute a new version of
Debian GNU/Linux 3.1 but only updates some of the packages included in
the stable release. There is no need to throw away 3.1 CDs or DVDs
but only to update against ftp.debian.org after an installation, in
order to incorporate those late changes.
Upgrade CD and DVD images will be created soon. No new installation
images will be created. Users are advised to update their system
against an official Debian mirror after a new installation and update
the kernel instead. For the next update new images are anticipated.
Upgrading to this revision online is usually done by pointing the
`apt' package tool (see the sources.list(5) manual page) to one of
Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is
available at:
<http://www.debian.org/distrib/ftplist>
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages.
Package Reason
deal Fixes segfault on 64bit platforms
devmapper Creates LVM devices with appropriate permissions
This update also fixes an error in Debian-Installer for Sparc32 that
was introduced with the last stable update (r3).
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.
Advisory ID Package(s) Correction(s)
DSA 1152 python-docutils Information disclosure
DSA 1152 trac Information disclosure
DSA 1156 kdebase Information disclosure
DSA 1157 ruby1.8 Several vulnerabilities
DSA 1158 streamripper Arbitrary code execution
DSA 1159 mozilla-thunderbird Several vulnerabilities
DSA 1160 mozilla Several vulnerabilities
DSA 1161 mozilla-firefox Several vulnerabilities
DSA 1162 libmusicbrainz Arbitrary code execution
DSA 1163 gtetrinet Arbitrary code execution
DSA 1164 sendmail Denial of service
DSA 1165 capi4hylafax Arbitrary command execution
DSA 1166 cheesetracker Arbitrary code execution
DSA 1167 apache Several vulnerabilities
DSA 1168 imagemagick Arbitrary code execution
DSA 1169 mysql-dfsg-4.1 Several vulnerabilities
DSA 1170 gcc-3.4 Directory traversal in fastjar
DSA 1171 ethereal Arbitrary code execution
DSA 1172 bind9 Denial of service
DSA 1173 openssl RSA signature forgery cryptographic weakness
DSA 1174 openssl096 RSA signature forgery cryptographic weakness
DSA 1175 isakmpd Replay protection bypass
DSA 1176 zope2.7 Information disclosure
DSA 1177 usermin Denial of service
DSA 1178 freetype Arbitrary code execution
DSA 1179 alsaplayer Denial of service
DSA 1180 bomberclone Several vulnerabilities
DSA 1181 gzip Arbitrary code execution
DSA 1182 gnutls11 RSA signature forgery cryptographic weakness
DSA 1183 Kernel 2.4.27 Several vulnerabilities
DSA 1184 Kernel 2.6.8 Several vulnerabilities
DSA 1185 openssl Arbitrary code execution
DSA 1186 cscope Arbitrary code execution
DSA 1187 migrationtools Denial of service
DSA 1188 mailman Several vulnerabilities
DSA 1189 openssh-krb5 Potential arbitrary code execution
DSA 1190 maxdb-7.5.00 Arbitrary code execution
DSA 1191 mozilla-thunderbird Several vulnerabilities
DSA 1192 mozilla Several vulnerabilities
DSA 1194 libwmf Arbitrary code execution
DSA 1195 openssl096 Denial of service
The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<http://release.debian.org/stable/3.1/3.1r4/>
URLs
----
The complete lists of packages that have changed with this revision:
<http://ftp.debian.org/debian/dists/sarge/ChangeLog>
The current stable distribution:
<http://ftp.debian.org/debian/dists/stable>
Proposed updates to the stable distribution:
<http://ftp.debian.org/debian/dists/proposed-updates>
Stable distribution information (release notes, errata etc.):
<http://www.debian.org/releases/stable/>
Security announcements and information:
<http://www.debian.org/security/>
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.
--
To UNSUBSCRIBE, email to debian-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--- End Message ---