Debian GNU/Linux Changelog

What's new in Debian GNU/Linux 8 RC1

Jan 26, 2015
  • Important changes in this release of the installer:
  • check-missing-firmware (in hw-detect) was updated to look at the kernel logs to determine which firmwares might be missing. This fixes the longstanding regression in this area compared to the Wheezy release (#725714).
  • Artwork was updated to use the new "Lines" theme by Juliette Belin.
  • Due to a change on the Linux kernel side, the "---" separator is now used instead of the historical "--" one to separate kernel parameters from userland parameters. This makes it possible for user-params to do its job, and copy e.g. console="..." settings where they're expected in the installed system.
  • On the i386 architecture, the 486 kernel flavour was renamed to 586 since it was determined that 486 hadn't been supported in a long while.
  • Other changes in this release of the installer:
  • brltty:
  • Update autostart rules with newer devices.
  • Fix auto-starting at-spi and orca in XFCE and LXDE.
  • choose-mirror: Update the mirror list (this includes dropping cdn.debian.net).
  • debootstrap: Add support for Debian stretch and Ubuntu vivid.
  • debian-installer: Update documentation of required minimum disk size.
  • efibootmgr: Better handle unreadable boot variables (#768880).
  • espeakup:
  • Fix spelling keystrokes and char-by-char echo (#767595).
  • Fix spelling capital keystrokes (#770753).
  • grub2: Add support for forcing an extra copy of grub-efi to the removable media path /boot/efi/EFI/BOOT/BOOT$ARCH.EFI (#767037, #773092, #773004).
  • grub-installer:
  • Recognise the new ignore_uefi flag from partman-efi.
  • Add extra support for forcing installation to the EFI removable media path (#767037).
  • Add support for grub-installer/bootdev=default (#759737). To be used with caution!
  • libdebian-installer: Recognise the new ignore_uefi flag from partman-efi.
  • linux: Add ".0" to the kernel version string (#742226, #745984).
  • netcfg:
  • Add support for /etc/network/interfaces.d/ (#770078).
  • Fix missing bounds check on nameserver array iteration, leading to a crash when 4 (or more) nameservers are available (#768218).
  • partman-crypto: Add support for preseeding passphrases (#656710). To be used with caution!
  • partman-efi:
  • Set the "esp" flag for the ESP System Partition (#768788).
  • Warn the user if we've booted in UEFI mode but we seem to have only non-UEFI existing OS installations - give them the option to switch the installer to non-UEFI mode from this point forwards so they don't break potential dual-boot setup (#763127).
  • Force umask for /boot/efi in mount options (#770033).
  • Only display "Force UEFI installation" dialog for x86 (#773311).
  • partman-md: Fix mdadm.conf generation (#763073).
  • win32-loader:
  • Disable "Download Debian GNU/kFreeBSD as stable" as this won't be possible in Jessie.
  • Drop now-redundant desktop selection (#762478).
  • Avoid dll dependency issues (#772898).
  • Hardware support changes:
  • debian-installer:
  • Add hd-media support for the armhf platform.
  • Add scsi-modules to the cdrom flavour on ppc64el to be able to access the CD-ROM drive.
  • Add grub.cfg to x86 netboot mini.iso for use on EFI systems (#762618).
  • Add virtio-modules udebs to more arm images.
  • Provide a PXE bootable grub.efi in the netboot flavour for amd64 and arm64.
  • linux:
  • [armhf] Add udeb modules to support video and keyboard for imx6 (#770635).
  • [i386] Rename 486 flavour to 586 for udebs (#768288).
  • [armhf] add chipidea usb host driver to usb-modules for i.MX6.
  • [armhf] Add mtd-modules udeb.
  • [armhf] Add Exynos5 disk/usb/nic modules to udebs.
  • [armhf] Backport BananaPi device tree files (#763897).
  • udeb: Add pata_rdc to pata-modules (#633128).
  • partman-base: Improve detection of bootloader area, for Freescale and AM33XX systems (#770666).
  • u-boot:
  • [armhf] Add Bananapi target.
  • Enable A10-OLinuXino-Lime, A20-OLinuXino-LIME, Cubieboard2, and Cubieboard2_FEL targets (#762383).
  • Disable efikamx and efikasb targets.
  • Add nitrogen6q support to u-boot-imx.
  • Add support for the Arndale board (#763186).
  • Build FEL variants for all sunxi platforms.
  • Localization status:
  • 75 languages are supported in this release.
  • Full translation for 19 of them.

New in Debian GNU/Linux 8 Beta 2 (Oct 6, 2014)

  • Important changes in this release of the installer:
  • Gnome is now the default desktop environment on Linux again.
  • A list of desktop environments is displayed in tasksel, making it easy to install another desktop environment (or several of them). Unfortunately that is currently a bit underdocumented (#764026).
  • Preliminary support for the arm64 and ppc64el architectures has been added.
  • Other changes in this release of the installer:
  • brltty: Append the configuration inherited from d-i to the end of brltty.conf instead of overwriting it (which was thus losing the documentation for the user).
  • brltty: Enable accessibility in XFCE, LXDE and MATE sessions too.
  • busybox: Add support for /32 subnets in udhcpc script (#652573).
  • choose-mirror: Strip off any scheme part found at the start of mirror/*/hostname (#706191).
  • console-setup: Correct default keymap for South Korea (#756052).
  • console-setup: Use nepali keymap for Nepali and Tharu by default.
  • debian-installer:
  • Fix the PXE boot images built for kfreebsd, hurd (#759686).
  • Add fonts-lohit-guru-udeb to gtk images, fixing rendering for Punjabi (#761573).
  • Remove desktop selection from syslinux; now available in tasksel.
  • Keep Linux modules.builtin file in the initrd.
  • Fix lib location and search path for syslinux >= 5 (#756275).
  • fontconfig: Add conf.avail directory to the udeb, fixing broken Monospace font in graphical installer (#739011).
  • hw-detect: Improve driver injection disk support.
  • hw-detect: Move firmware installation code to pre-pkgsel.d.
  • hw-detect: Correct detection of Macs needing to blacklist snd-aoa modules (#650588).
  • iso-scan: Do not error out when searching in folders with shell-special characters in their name (#640789).
  • lowmem: Update lowmem limits for linux-x86.
  • lowmem: Make the / ramfs fill the whole memory again (#759336).
  • netcfg: Do not kill_dhcp_client after setting the hostname and domain, otherwise Linux udhcpc will stop renewing its lease, and on other platforms dhclient will de-configure the network interface (#757711, #757988).
  • netcfg: Don't copy /etc/network/interfaces to /target if netcfg/target_network_config=ifupdown (#709017).
  • netcfg: Fix support for entering an ESSID manually, it was previously getting ignored (#757478).
  • preseed: Update auto-install/defaultroot for jessie.
  • preseed: Always disable locale & keyboard question when auto is enabled, even if no preseed file was given on boot, in case the dhcp server provides it (#759290).
  • rootskel: Update lowmem limit for gtk on linux-x86.
  • rootskel: Use a tmpfs for some directories to avoid running out of space in the fixed-size initrd on kfreebsd-(#757985).
  • rootskel-gtk: Update gtk-set-font to learn a new mapping (Lohit Punjabi).
  • Hardware support changes:
  • libdebian-installer: arm64: Detect UEFI based systems as "efi" subarch.
  • libdebian-installer: Add ppc64 and ppc64el support.
  • linux:
  • Include preliminary support for arm64 and ppc64el.
  • udeb: Add ccm, ctr to crypto-modules (#761902).
  • [armhf] udeb: Add ehci-platform, ohci-platform and phy-sun4i-usb to usb-modules (#761591).
  • udeb: Add rsi_usb to nic-wireless-modules
  • udeb: Add ath6kl_sdio, libertas_cs, libertas_sdio, mwifiex_sdio, r8192u_usb, r8723au, rtl8188eu, rtl818x_pci, rtl8723be, rtl8821ae, spectrum_cs to nic-wireless-modules.
  • [armel/orion5x] udeb: Include mvmdio in nic-modules udeb.
  • udeb: Add new sound drivers to sound-modules (#756998).

New in Debian GNU/Linux 8 Beta 1 (Aug 14, 2014)

  • Important changes in this release of the installer:
  • Gnome installation images have been fixed (#756774): they will now really install Gnome (instead of Xfce). They should offer the best experience as far as accessibility is concerned.
  • A major parted release was merged lately, and many related components needed an update accordingly. If you experience any troubles during the partitioning step, please make sure to include /var/log/syslog (as usual) but also /var/log/partman in your installation report.
  • A major release of syslinux also appeared, with incompatible changes. It has consequences on various aspects, including PXE setups (see Ron's analysis in #757920), and theming. The artwork part will be dealt with in a later installer release.
  • The default init system on Linux is now systemd.
  • Other changes in this release of the installer:
  • cdebconf: Resize banner when window width and banner width don't match (#745359).
  • debian-installer:
  • Deal with incompatible changes in syslinux.
  • Drop some parted_server functions (due to parted changes).
  • kfreebsd-9: replaced with kfreebsd-10.
  • linux: updated to 3.14.15.
  • preseed: Re-enable keyboard question on file preseed (#696857).
  • Hardware support changes:
  • debian-installer:
  • Add support for mipsel/loongson-3.
  • Add support for QNAP HS-210.
  • Add support for D-Link DNS-320.
  • Add some dtb files for armhf and armel/kirkwood.
  • Drop support for armhf/efikamx (no longer supported upstream).
  • linux:
  • [armhf] Add MMC and NIC modules for BeagleBone Black to udebs (#754491).
  • [armhf] Add virtio-modules udeb.
  • [armhf] Enable BRCMFMAC, BRCMFMAC_SDIO as modules (#734430).
  • [armhf] Backport sunxi AHCI and GMAC drivers from v3.15-rc1.
  • [armhf] Enable more Allwinner/sunxi drivers (#745972).
  • [mips*] Add few new udebs and use standard udebs configuration when possible.
  • [mips,mipsel] Remove the sb1a-bcm91480b flavour.
  • [mipsel/loongson3] Add support for Loongson 3 LS3A RS780E 1-way boards.
  • [mips,mipsel] Enable initramfs for all flavours, but keep the disk related drivers built-in for now.
  • [mips/octeon] Backport from upstream PCIe2 support and interface mode detection for Octeon.
  • [mips,mipsel/4kc-malta] Fix bug which can cause incorrect system call restarts (fix hang on boot).
  • [x86] udeb: Add hyperv-keyboard to hyperv-modules.
  • udeb: Add sdhci-acpi to mmc-modules (#747284).
  • udeb: Add mtip32xx, nvme to sata-modules.
  • udeb: Update sound-modules (#743319).
  • Include virtio_mmio in virtio-modules udeb when available.
  • u-boot:
  • Add support for some CuBox and Cubieboard targets.
  • Drop support for powerpc.
  • Localization status:
  • 75 languages are supported in this release.
  • Full translation for 12 of them.

New in Debian GNU/Linux 6.0.10 (Jul 20, 2014)

  • This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

New in Debian GNU/Linux 7.5.0 (Apr 29, 2014)

  • This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

New in Debian GNU/Linux 8 Alpha 1 (Mar 19, 2014)

  • Improvements in this release of the installer:
  • Many components were updated during the beginning of the Jessie release cycle, so a full list of changes is not included in this announcement.
  • apt-setup: Avoid hang due to interactive apt-cdrom (#740673).
  • grub-installer: Support menu selection of GRUB boot disk (#706112).
  • Behavioral changes in this release:
  • Xfce is the default desktop environment for the time being. Quoting tasksel's changelog: "this will be re-evaluated in August 2014, and may change again before Jessie is released".
  • It's still possible to select an alternative desktop to install at the boot prompt; installation images are available for the various major desktop environments as usual.
  • Hardware support changes:
  • The ia64 architecture has been removed from the archive, and is no longer supported.
  • The s390 architecture has been replaced with the s390x architecture.
  • It wasn't possible to build the installer for sparc (#731806), so no installation images are available for this architecture. Its future as an official port is being evaluated by the release team.
  • The Linux kernel has been updated from 3.2 to 3.13.
  • The FreeBSD kernel has been updated from 9.0 to 9.2.
  • armel: The iop32x flavour has been dropped.
  • armhf: The armmp flavour has been added; it covers both mx5 and vexpress.
  • mipsel: The cobalt flavour has been dropped.
  • s390x: The tape flavour has been dropped.

New in Debian GNU/Linux 6.0.9 (Feb 15, 2014)

  • This update mainly adds corrections for security problems to the old stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

New in Debian GNU/Linux 7.4.0 (Feb 10, 2014)

  • This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

New in Debian GNU/Linux 7.0 (May 5, 2013)

  • Apache 2.2.22
  • Asterisk 1.8.13.1
  • GIMP 2.8.2
  • an updated version of the GNOME desktop environment 3.4
  • GNU Compiler Collection 4.7.2
  • Icedove 10 (an unbranded version of Mozilla Thunderbird)
  • Iceweasel 10 (an unbranded version of Mozilla Firefox)
  • KDE Plasma Workspaces and KDE Applications 4.8.4
  • kFreeBSD kernel 8.3 and 9.0
  • LibreOffice 3.5.4
  • Linux 3.2
  • MySQL 5.5.30
  • Nagios 3.4.1
  • OpenJDK 6b27 and 7u3
  • Perl 5.14.2
  • PHP 5.4.4
  • PostgreSQL 9.1
  • Python 2.7.3 and 3.2.3
  • Samba 3.6.6
  • Tomcat 6.0.35 and 7.0.28
  • Xen Hypervisor 4.1.4
  • the Xfce 4.8 desktop environment
  • X.Org 7.7
  • more than 36,000 other ready-to-use software packages, built from nearly 17,500 source packages.

New in Debian GNU/Linux 6.0.7 (Feb 23, 2013)

  • Miscellaneous Bugfixes:
  • apt-show-versions Fix detection of squeeze-updates and squeeze; update official distribution list
  • base-files Update for the point release
  • bcron Don't allow jobs access to other jobs' temporary files
  • bind9 Update IP for "D" root server
  • bugzilla Add dependency on liburi-perl, used during package configuration
  • choose-mirror Update URL for master mirror list
  • clamav New upstream version
  • claws-mail Fix NULL pointer dereference
  • clive Adapt for youtube.com changes
  • cups Ship cups-files.conf's manpage
  • dbus Avoid code execution in setuid/setgid binaries
  • dbus-glib Fix authentication bypass through insufficient checks (CVE-2013-0292)
  • debian-installer Rebuild for 6.0.7
  • debian-installer-netboot-images Rebuild against debian-installer 20110106+squeeze4+b3
  • dtach Properly handle close request (CVE-2012-3368)
  • ettercap Fix hosts list parsing (CVE-2013-0722)
  • fglrx-driver Fix diversion-related issues with upgrades from lenny
  • flashplugin-nonfree Use gpg --verify
  • fusionforge Lenny to squeeze upgrade fix
  • gmime2.2 Add Conflicts: libgmime2.2-cil to fix upgrades from lenny
  • gzip Avoid using memcpy on overlapping regions
  • ia32-libs Update included packages from stable / security.d.o
  • ia32-libs-core Update included packages from stable / security.d.o
  • kfreebsd-8 Fix CVE-2012-4576: memory access without proper validation in linux compat system
  • libbusiness-onlinepayment-ippay-perl Backport changes to IPPay gateway's server name and path
  • libproc-processtable-perl Fix unsafe temporary file usage (CVE-2011-4363)
  • libzorpll Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev
  • linux-2.6 Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs
  • linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-armel-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-i386-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-mips-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-s390-2.6 Rebuild against linux-2.6 2.6.32-48
  • linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 2.6.32-48
  • magpierss Fix upgrade issue
  • maradns Fix CVE-2012-1570 (deleted domain record cache persistence flaw)
  • mediawiki Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit
  • moodle Multiple security fixes
  • nautilus Add Breaks: samba-common (= 1.4
  • swath Fix potential buffer overflow in Mule mode
  • swi-prolog Fix buffer overruns
  • ttf-ipafont Fix removal of alternatives
  • tzdata New upstream version; fix DST for America/Bahia (Brazil)
  • unbound Update IP address hints for D.ROOT-SERVERS.NET
  • xen Fix clock breakage
  • xnecview Fix FTBFS on armel
  • Security Updates:
  • DSA-2550 asterisk Multiple issues
  • DSA-2551 isc-dhcp Denial of service
  • DSA-2552 tiff Multiple issues
  • DSA-2553 iceweasel Multiple issues
  • DSA-2554 iceape Multiple issues
  • DSA-2555 libxslt Multiple issues
  • DSA-2556 icedove Multiple issues
  • DSA-2557 hostapd Denial of service
  • DSA-2558 bacula Information disclosure
  • DSA-2559 libexif Multiple issues
  • DSA-2560 bind9 Denial of service
  • DSA-2561 tiff Buffer overflow
  • DSA-2562 cups-pk-helper Privilege escalation
  • DSA-2563 viewvc Multiple issues
  • DSA-2564 tinyproxy Denial of service
  • DSA-2565 iceweasel Multiple issues
  • DSA-2566 exim4 Heap overflow
  • DSA-2567 request-tracker3.8 Multiple issues
  • DSA-2568 rtfm Privilege escalation
  • DSA-2569 icedove Multiple issues
  • DSA-2570 openoffice.org Multiple issues
  • DSA-2571 libproxy Buffer overflow
  • DSA-2572 iceape Multiple issues
  • DSA-2573 radsecproxy SSL certificate verification weakness
  • DSA-2574 typo3-src Multiple issues
  • DSA-2575 tiff Heap overflow
  • DSA-2576 trousers Denial of service
  • DSA-2577 libssh Multiple issues
  • DSA-2578 rssh Multiple issues
  • DSA-2579 apache2 Multiple issues
  • DSA-2580 libxml2 Buffer overflow
  • DSA-2582 xen Denial of service
  • DSA-2583 iceweasel Multiple issues
  • DSA-2584 iceape Multiple issues
  • DSA-2585 bogofilter Heap-based buffer overflow
  • DSA-2586 perl Multiple issues
  • DSA-2587 libcgi-pm-perl HTTP header injection
  • DSA-2588 icedove Multiple issues
  • DSA-2589 tiff Buffer overflow
  • DSA-2590 wireshark Multiple issues
  • DSA-2591 mahara Multiple issues
  • DSA-2592 elinks Programming error
  • DSA-2593 moin Multiple issues
  • DSA-2594 virtualbox-ose Programming error
  • DSA-2595 ghostscript Buffer overflow
  • DSA-2596 mediawiki-extensions Cross-site scripting in RSSReader extension
  • DSA-2597 rails Input validation error
  • DSA-2598 weechat Multiple issues
  • DSA-2599 nss Mis-issued intermediates
  • DSA-2600 cups Privilege escalation
  • DSA-2601 gnupg2 Missing input sanitation
  • DSA-2601 gnupg Missing input sanitation
  • DSA-2602 zendframework XML external entity inclusion
  • DSA-2603 emacs23 Programming error
  • DSA-2604 rails Insufficient input validation
  • DSA-2605 asterisk Multiple issues
  • DSA-2606 proftpd-dfsg Symlink race
  • DSA-2607 qemu-kvm Buffer overflow
  • DSA-2608 qemu Buffer overflow
  • DSA-2609 rails SQL query manipulation
  • DSA-2610 ganglia Remote code execution
  • DSA-2611 movabletype-opensource Multiple issues
  • DSA-2612 ircd-ratbox Remote crash
  • DSA-2613 rails Insufficient input validation
  • DSA-2614 libupnp Multiple issues
  • DSA-2615 libupnp4 Multiple issues
  • DSA-2616 nagios3 Buffer overflow vulnerability
  • DSA-2617 samba Multiple issues
  • DSA-2618 ircd-hybrid Denial of service
  • DSA-2619 xen-qemu-dm-4.0 Buffer overflow
  • DSA-2620 rails Multiple issues
  • DSA-2621 openssl Multiple issues
  • DSA-2622 polarssl Multiple issues
  • DSA-2623 openconnect Buffer overflow
  • DSA-2624 ffmpeg Multiple issues
  • DSA-2625 wireshark Multiple issues
  • DSA-2626 lighttpd Multiple issues
  • DSA-2627 nginx Information leak

New in Debian GNU/Linux 7.0 RC1 (Feb 21, 2013)

  • brltty:
  • Fix support for the theme=dark accessibility option (#696972).
  • Enable orca in gnome3 sessions too.
  • Please note: the gdm3 prompt isn't accessible (#694937).
  • cdebconf:
  • Fix display of info messages (e.g. "Rescue mode" in the banner).
  • Improve speech synthesis support.
  • debconf: Fix misleading man-db title for GRUB prompt (#679327).
  • debian-cd:
  • Improve GRUB menus used when booting in UEFI mode so they match up better with the equivalent syslinux menus.
  • Change the default UEFI display resolution to 800x600 for maximum compatibility.
  • Fix README.html generation (#699198).
  • debian-installer-utils: Fix procfs mounting on GNU/kFreeBSD (#696901).
  • grub2:
  • Improve support for EFI installs: make sure /boot/grub exists, and copy unicode.pf2 there (#696962, #661789).
  • Fix infinite recursion in gettext when translation fails (#611537 and many others).
  • lowmem: Adjust lowmem limit for GNU/kFreeBSD needed for ZFS volumes (#696786).
  • mountmedia:
  • Revert kernel bug workaround (#694082).
  • Firmware loading issues should disappear accordingly.
  • netcfg: Write network-manager configuration (including wireless settings when applicable) if it's found in the installed system; configure ifupdown for wired networking otherwise (#682608).
  • oldsys-preseed:
  • Ignore a missing gateway with DHCP (#687212).
  • Use netcfg/disable_autoconfig instead of netcfg/disable_dhcp (#689531).
  • preseed: Deal with URLs that consist of an unqualified machine name and a port (#695908).
  • qcontrol: Disable firmware watchdog on TS-219p II and TS-419p II (#693263).
  • rootskel: Use the same keymap in the virtual consoles as the one selected in the graphical installer (#606395).
  • xorg-server: Avoid cursor jumps in VirtualBox (#694598).

New in Debian GNU/Linux 6.0.6 (Oct 1, 2012)

  • alpine Fix crash in embedded UW-IMAP copy
  • apache2 mod_negotiation - fix CVE-2012-2687; mod_cache - don't cache partial connections; read timeouts should result in a 408
  • automake1.10 Fix CVE-2012-3386
  • automake1.11 Fix CVE-2012-3386
  • automake1.7 Fix CVE-2012-3386
  • automake1.9 Fix CVE-2012-3386
  • base-files Update /etc/debian_version for the point release
  • checkgmail Fix GMail authentication issues
  • clamav New upstream release
  • debian-archive-keyring Add wheezy stable and archive signing keys
  • dpkg Ensure a reliable unpack on SELinux systems
  • eglibc Really enable patches/any/cvs-dlopen-tls.diff; fix FORTIFY_SOURCE format string protection bypass; fix a DoS in RPC implementation
  • emesene Update contact end-point to local-bay.contacts.msn.com
  • geshi Fix 'Local File Inclusion Vulnerability in contrib script'
  • gosa Security fix (missing escaping)
  • ia32-libs Update packages
  • libconfig-inifiles-perl Fix insecure temporary file use
  • libgc Check for integer overflow in internal malloc and calloc routines
  • libmtp Fix device flags for some devices; add support for new devices
  • libxslt Fix CVE-2011-1202, CVE-2011-3970, CVE-2012-2825
  • links2 Security fixes
  • linux-2.6 DRM fixes; leap second fix; security fixes; various driver fixes
  • linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-armel-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-i386-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-mips-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-s390-2.6 Rebuild against linux-2.6 2.6.32-46
  • linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 2.6.32-46
  • lockfile-progs Ensure the correct PID is used when creating lockfiles
  • mysql-mmm Add dependency on libpath-class-perl
  • network-manager Stop allowing ad-hoc WPA networks to be created; kernel bugs mean they get created as open networks
  • nss-pam-ldapd Support larger gecos values; reliability fixes
  • nvidia-graphics-drivers Fix information leak in the kernel module; fix arbitrary memory access vulnerability; fix local privilege escalation through VGA window manipulation
  • nvidia-graphics-modules Rebuild against 195.36.31-6squeeze1 kernel modules for security fixes; rebuild to fix CVE-2012-4225
  • php-memcached Fix session.gc_maxlifetime handling
  • plymouth Fix the init script to not fail when the package is removed
  • policyd-weight Remove rfc-ignorant.org RBLs (due to upcoming shutdown) and rbl.ipv6-world.net
  • postgresql-common Do not remove the PID file after SIGKILLing the postmaster in the last-ditch
  • powertop Fix segfault on newer kernels with large config files
  • publican Add dependency and build-dependency on libio-string-perl
  • rstatd Support Linux 3.x kernels
  • spip Fix base name disclosure; security fixes
  • tor New upstream; fix TLS 1.1/1.2 renegotiation with openssl 1.0.1; fix potential DOS; fix two crashes and an information disclosure issue
  • ttb Add dependency on python-glade2
  • vte Fix a memory exhaustion vulnerability
  • wims Fix installation problem
  • wireshark Fix crashes in ANSI A detector and pcap / pcap-ng parsers
  • xserver-xorg-video-intel UXA/glyphs: fall back instead of crashing on large strings
  • yaws Fix RNG strength; fix mail config loading

New in Debian GNU/Linux 6.0.2 (Jun 28, 2011)

  • aide Properly support large files on 32-bit systems; fix group for bind9 log files
  • approx Don't try caching InRelease or non-.gz compressed files
  • apr Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-*
  • apt Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on "apt-get update"; add XZ support
  • apt-listchanges Correctly handle NEWS files containing only one entry
  • base-files Update /etc/debian_version
  • clive Adapt for liveleak.com changes
  • dbus Fix local DoS for system services (CVE-2011-2200)
  • deborphan Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes
  • dokuwiki Fix an ACL bypass issue in the XMLRPC interface
  • dpkg Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration
  • e2fsprogs Various bug fixes
  • fakechroot Fix 'debootstrap --variant=fakechroot'
  • fcgiwrap Fix init script's 'stop' target
  • gdm3 Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down
  • git Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user
  • gnome-settings-daemon Work around possible race condition when starting Xsettings manager
  • ia32-libs Refresh packages from stable and proposed-updates.
  • iceowl Security updates
  • im-config Avoid breaking login via GDM if im-config is removed but not purged
  • inn Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default
  • josm Give more verbose explanation to users who haven't agreed to the new OSM license
  • kde4libs Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes
  • kdenetwork Improve fix for CVE-2010-1000 directory traversal issue
  • kernel-wedge Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules
  • kerneltop Increase line buffer size to 1024 bytes
  • klibc ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930)
  • krb5 Fix DoS; fix interoperability with w2k8r2 KDCs; fix invalid free and double free; don't make authentication fail if PAC verification fails
  • kupfer Use correct parameter type to allow keybindings to work again
  • libapache2-mod-perl2 Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • libburn Don't create images with overly-restrictive permissions
  • libfinance-quotehist-perl Disable test suite, broken by website changes
  • libmms Fix alignment issues on arm
  • linux-2.6 New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables
  • linux-kernel-di-amd64-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-armel-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-i386-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-ia64-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-mips-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-mipsel-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-powerpc-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-s390-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-sparc-2.6 Rebuild against kernel-wedge 2.74+squeeze3
  • lua-expat Fix the 'billion laughs' DoS attack
  • monkeysphere Fix monkeysphere-host revoke-key
  • nagios-plugins Allocate a big enough buffer to handle all IPs of hosts being pinged
  • nsd3 Remove statoverride before removing the package's user
  • openldap Fix possible database corruption issues, several security issues and dpkg-reconfigure
  • php-svn Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • php5 Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • pianobar Update API keys for XMLRPC v30
  • postgresql-8.4 New upstream bugfix release; fix pg_upgrade use with TOAST tables
  • prosody Fix the 'billion laughs' DoS attack
  • puppet Fix service provider to properly use update-rc.d disable API
  • python-apt Strip multiarch by default in RealParseDepends; add XZ support
  • python-gudev Add missing dependency on python-gobject
  • q4wine Stop shipping the library in lib64
  • qemu Don't register qemu-mips(el) with binfmt on mips(el)
  • qemu-kvm Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit
  • qt4-x11 Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification
  • rapidsvn Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • refpolicy Various permissions fixes
  • reprepro Handle Release files which don't contain md5sums
  • ruby1.8 Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8
  • samba Fix undefined symbol error from tdb2.so; several printing related bugs and a gid leak in winbind / idmap. Document the new and potentially disruptive 'map untrusted to domain'
  • schroot Fix loading of dchroot.conf
  • softhsm Remove statoverride entries before the package's user
  • sun-java6 New upstream security update
  • tzdata New upstream version
  • vimperator Resolve compatibility issues with iceweasel
  • widelands Fix potential security issue in Internet games
  • xenomai Adapt kernel patch to apply cleanly to squeeze's kernel
  • xserver-xorg-video-tseng Fix driver initialisation

New in Debian GNU/Linux 6.0.1 (Mar 21, 2011)

  • apt-dater Correct syntax of default configuration file
  • base-files Update /etc/debian_version for the point release
  • cdebconf Allow the GTK frontend to be used in a window managed environment
  • clamav New upstream bugfix release
  • clive Adapt for youtube.com changes
  • cmake Rebuild upstream tarball to remove undistributable Windows build systems files
  • console-setup Fix Swiss German, Bulgarian and Swedish keymaps in the installer
  • cryptsetup Install cryptkeyctl initramfs hook; lukadmin: avoid possible race conditions by invoking udevadm settle
  • dbconfig-common Fix version sorting logic bug on upgrade files in postinst
  • debian-reference Refer to squeeze-updates rather than volatile; fix URL for Debian Mirror Checker
  • debootstrap Fix --private-key and ar usage
  • deluge Fix hang on quit
  • desktop-base Fix plymouth output in dual-screen configurations
  • devscripts Make squeeze the default backports target; add wheezy{,-ignore} tags
  • eclipse Fix XSS in help browser application
  • exuberant-ctags Use memmove rather than strcpy on overlapping strings
  • ganeti Don't break permissions of /var/lock when running "gnt-node add"
  • gdm3 Handle del{group,user} failures gracefully; fix grep usage; use correct names for UTF-8 locales
  • gedit Fix important mistake in the Brazilian Portuguese translation
  • git Fix escaping in gitweb, new add.ignoreErrors variable
  • gnome-screensaver Disable non-functional libnotify support
  • gnumed-client Install translations to the correct location
  • grub-installer Set debconf title to avoid reusing a previous one
  • ia32-libs Refresh packages from stable and proposed-updates
  • ia32-libs-core Refresh packages from stable and proposed-updates
  • ia32-libs-gtk Refresh packages from stable and proposed-updates
  • installation-guide Update content for squeeze
  • katoob Fix crash when setting tooltips
  • kde4libs Add a kconf_update script to migrate away from old KDE3 icon themes
  • kdebase-workspace Fix random but common krunner crashes
  • kernel-wedge Add hid-cherry and sdhci_pci modules
  • kfreebsd-8 Fix local DoS in TCP stack; emulate Catalan's middle-dot l/L characters by ASCII l/L
  • kgb-bot Fix version check to allow possible future security updates
  • krusader Properly fix problems terminating the application
  • libapache-mod-jk Ease upgrades from lenny by disabling SOCK_CLOEXEC use
  • libemail-mime-createhtml-perl Add missing dependency on libfile-policy-perl
  • libvirt Make init script 'status' target exit statuses LSB-compliant to assist monitoring
  • linux-2.6 Several fixes
  • linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-armel-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-i386-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-mips-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-s390-2.6 Rebuild against linux-2.6 2.6.32-31
  • linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 2.6.32-31
  • magpierss Fix cross-site scripting vulnerability (CVE-2011-0740)
  • mcabber Fix crash, segfault, command-line corruption and FD leaks
  • mediawiki Fix a CSS injection vulnerability
  • mediawiki-extensions PHP 5.3 compatibility fixes for the confirmedit plugin
  • nautilus Fix crash in nautilus_file_peek_display_name()
  • network-manager Only comment out exact matches in /etc/network/interfaces; normalise keys in ifupdown parser; correctly handle device remova
  • ocrodjvu Fix upside-down generation of hocr data
  • ocsigen Add missing dependencies on lib{lwt-ssl,ocsigen-xhtml}-ocaml-dev
  • pdftk Support prompting for both owner and user passwords; allow filenames to start with "odd", "even" or "end"
  • pulseaudio Fix pacmd hanging in poll() when reading from stdin very early
  • python-defaults Use full path to Python interpreters in pycompile to ease lenny to squeeze upgrades
  • samba Missing input sanitising
  • sobby Ensure session files are writable by the sobby user
  • sudo Resolve interoperability issues between -H and HOME in env_keep
  • sun-java6 Several security fixes
  • ttf-liberation Correctly flag Liberation Mono as monospaced
  • tzdata New upstream release; update Chilean DST
  • usb-modeswitch-data Fix modeswitching lines for Huawei devices; add support for more devices
  • why Mark Squeeze's Coq version as a compatible prover
  • xorg-server Fix crashes with MCE remotes; fix rotation [nvidia]; drop support for XF86Config-4
  • xserver-xorg-video-intel Fix null pointer dereference and SDL-related issues

New in Debian GNU/Linux 6.0 RC1 (Jan 14, 2011)

  • Linux kernel updated to 2.6.32-29.
  • Updated artwork for Squeeze theme (#603554).
  • Fixed Finnish keymap in graphical installer.
  • Fixed usability issues with very long questions about accepting firmware licenses when some non-free firmware is used.
  • Fixed mklibs segfaults on static objects.
  • Avoid reloading modules that have a network interface that is already configured.
  • Support the new suite name for "volatile".
  • Fix text of examples in debconf templates to fit the new partition numbering scheme in GRUB 2.
  • Fix resolv.conf writing of manually entered values in case DHCP doesn't supply them.
  • Live Installer:
  • don't depend on fs modules since they can be loaded during the filesystem lookup;
  • also removing backend packages for both live-boot and live-config when running normal installation;
  • calling depmod before modprobing support modules;
  • for consistency, and for more flexibility with custom d-i kernels, also making anna call for installing support modules never fail.
  • On GNU/kFreeBSD:
  • disable partman-zfs on kfreebsd-i386;
  • fix generation of fstab CD-ROM entries;
  • mark modules disabled due to firmware issues as optional.
  • On GNU/Linux:
  • nic-modules: add qlcnic module;
  • ata-modules: force inclusion of ata_generic;
  • armel:
  • kirkwood: Added support for QNAP TS-119P+ and TS-219P+;
  • powerpc:
  • add support for YDL PowerStation, a CHRP machine with IBM Bimini board and SLOF firmware;
  • selectively load necessary modules to control G5 PowerMac fans. All G5 PowerMac models are covered now;
  • fancontrol-modules (powerpc64): add windfarm_pm121 for iMac iSight machines;
  • pata-modules: add pata_mpc52xx for Efika 5200B board;
  • nic-modules (powerpc64): add ehea module for on-board ethernet adapters present on all IBM Power 6 and later System P boards;
  • core-modules: add bestcomm-core. pata_mpc52xx and fec_mpc52xx depend on it;
  • let linux-boot-prober work on all chrp machines;
  • handle YDL initrd image in linux-boot-prober fallback test;
  • use short unique OS labels returned by os-prober;
  • use persistent device naming symlinks and UUID/LABEL tags instead of unix block device names.
  • Localization:
  • Lao and Sinhala languages added;
  • 70 languages activated (including English);
  • for 57 of these, translation is 100% complete.

New in Debian GNU/Linux 5.0.4 (Feb 3, 2010)

  • The Debian project is pleased to announce the fourth update of its stable distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems.
  • Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included. There is no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.
  • Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
  • New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.
  • Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
  • http://www.debian.org/mirror/list
  • Miscellaneous Bugfixes:
  • This stable update adds a few important corrections to the following packages:
  • alien-arena Fix remote arbitrary code execution
  • amarok Apply regex update to make Wikipedia tab work again
  • apache2 Several issues
  • backup-manager Fix possible mysql password leakage to local users
  • backuppc Prohibit editing of client name alias to avoid unauthorised file access
  • base-files Update /etc/debian_version to reflect the point release
  • choose-mirror Improve suite selection and validation of suites available on selected mirror
  • clock-setup Correctly handle system dates before epoch
  • consolekit Don't create pam-foreground-compat tag files for remote users
  • debmirror Compress packages files using --rsyncable so they match the files from the archive
  • devscripts Update a number of scripts to understand squeeze and lenny-backports
  • dhcp3 Fix memory leak and SIGPIPE in LDAP code
  • dpkg Various fixes to new source package format support
  • drupal6 Fix XSS issues in Contact and Menu modules
  • fam Fix 100% CPU usage in famd
  • fetchmail Fix init script dependencies; don't complain about missing configuration when disabled
  • firebird2.0 Fix DoS via malformed message
  • gchempaint Fix segmentation fault
  • gdebi Fix gksu call to not pass an option that the Debian package doesn't support
  • geneweb Correctly handle database with names containing whitespace in the postinst
  • ghc6 Fix deadlock bug on 64-bit architectures
  • glib2.0 Fix g_file_copy to correctly set permissions of target files
  • glibc Fix bug in realloc() when enlarging a memory allocation
  • gnash Reduce messages produced by the browser plugin to avoid filling .xsession-errors
  • gnome-system-tools Don't change root's home directory when editing the user and fix group creation dialog
  • haproxy Several stability and crash fixes
  • kazehakase Disallow adding bookmarks for data:/javascript: URIs (CVE-2007-1084)
  • killer Correctly handle long usernames in the ruser field
  • libcgi-pm-perl Fix unwanted ISO-8859-1 -> UTF-8 conversion in CGI::Util::escape()
  • libdbd-mysql-perl Fix segmentation faults caused by auto_reconnect
  • libdbd-pg-perl Correctly handle high-bit characters
  • libfinance-quote-perl Fix ordering of fields in Yahoo data
  • linux-2.6 Several corrections
  • linux-kernel-di-alpha-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-arm-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-armel-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-hppa-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-i386-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-mips-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-s390-2.6 Rebuild against linux-2.6 2.6.26-21
  • linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 2.6.26-21
  • lkl Rebuild to get new MD5 sum (previous sum was causing FPs from antivirus)
  • movabletype-opensource Disable mt-wizard.cgi by default
  • munin Fix CPU usage graphs to account for changes in kernel reporting
  • mysql-dfsg-5.0 Revert 'dummy thread' workaround which causes segfaults and fix crash when using GIS functions
  • nss-ldapd Treat usernames and other lookups as case-sensitive
  • openttd Fix remote crash vulnerability
  • otrs2 Don't globally limit MaxRequestsPerChild on Apache or reject valid domains
  • partman-auto-crypto Avoid triggering unsafe swap warning when setting up LVM
  • planet-venus Enhance escaping of processed feeds
  • proftpd-dfsg SSL certificate verification weakness
  • pyenchant Make add_to_personal() work again
  • python-docutils Fix insecure temporary file usage in reStructuredText Emacs mode
  • python-xml Fix two denials of service
  • qcontrol Create persistent input device to handle changes in udev 0.125-7+lenny3
  • redhat-cluster Fix problem with resource failover
  • request-tracker3.6 Session hijack vulnerability
  • roundup Fix pagination regression caused by security fix
  • samba Fix regression in name mangling
  • serveez Fix remote buffer overflow
  • shadow Fix handling of long lines in the user or group files
  • spamassassin Don't consider dates in 2010 'grossly in the future'
  • system-tools-backends Fix regression in operation of some elements
  • texlive-bin Fix crash with large files
  • tor Fix crash due to race condition and update authority keys
  • totem Update youtube plugin to match changes to the site
  • tzdata Update timezone data
  • usbutils Update USB IDs
  • user-mode-linux Rebuild against linux-source-2.6.26 2.6.26-21
  • vpb-driver Fix Asterisk crash with missing config file
  • watchdog Ensure daemon really has ended before starting a new one
  • webauth Avoid inadvertently including passwords in cookie test URLs
  • wireshark Several vulnerabilities
  • xfs Fix temporary directory usage in the init script
  • xscreensaver Fix local screen lock bypass vulnerability
  • A number of packages were rebuilt on the alpha, amd64 and ia64 architectures to incorporate the fix from the updated ghc6 package:
  • alex arch2darcs
  • bnfc c2hs
  • dfsbuild drift
  • cpphs darcs
  • darcs-buildpackage darcs-monitor
  • datapacker frown
  • geordi haddock
  • happy haskell-utils
  • hat helium
  • hmake hpodder
  • hscolour lhs2tex
  • kaya pxsl-tools
  • srcinst uuagc
  • whitespace xmonad
  • New version of the debian-installer:
  • The Debian Installer has been updated in this point release to offer better support for installation of the "oldstable" distribution and from archive.debian.org. The new installer also allows the system date to be updated using NTP if it is before January 1st, 1970 at boot time.
  • The kernel image used by the installer has been updated to incorporate a number of important and security-related fixes together with support for additional hardware.
  • An update to the udev package in the previous point release unfortunately led to the LEDs and on-board buzzer of arm/armel-based QNAP NAS devices not operating during installs. This is rectified in the new installer release.
  • Finally, it is once again possible to use the installer on the S/390 architecture by booting from CD.
  • Security Updates:
  • This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates...
  • DSA-1796 libwmf Denial of service
  • DSA-1825 nagios3 Arbitrary code execution
  • DSA-1835 tiff Several vulnerabilities
  • DSA-1836 fckeditor Arbitrary code execution
  • DSA-1837 dbus Denial of service
  • DSA-1839 gst-plugins-good0.10 Arbitrary code execution
  • DSA-1849 xml-security-c Signature forgery
  • DSA-1850 libmodplug Arbitrary code execution
  • DSA-1860 ruby1.9 Several issues
  • DSA-1863 zope2.10 Arbitrary code execution
  • DSA-1866 kdegraphics Several vulnerabilities
  • DSA-1868 kde4libs Several vulnerabilities
  • DSA-1878 devscripts Remote code execution
  • DSA-1879 silc-client Arbitrary code execution
  • DSA-1879 silc-toolkit Arbitrary code execution
  • DSA-1880 openoffice.org Arbitrary code execution
  • DSA-1882 xapian-omega Cross-site scripting
  • DSA-1884 nginx Arbitrary code execution
  • DSA-1885 xulrunner Several vulnerabilities
  • DSA-1886 iceweasel Several vulnerabilities
  • DSA-1887 rails Cross-site scripting
  • DSA-1888 openssl Deprecate MD2 hash signatures
  • DSA-1889 icu Security bypass due to multibyte sequence parsing
  • DSA-1890 wxwidgets2.6 Arbitrary code execution
  • DSA-1890 wxwidgets2.8 Arbitrary code execution
  • DSA-1891 changetrack Arbitrary code execution
  • DSA-1892 dovecot Arbitrary code execution
  • DSA-1893 cyrus-imapd-2.2 Arbitrary code execution
  • DSA-1893 kolab-cyrus-imapd Arbitrary code execution
  • DSA-1894 newt Arbitrary code execution
  • DSA-1895 opensaml2 Interpretation conflict
  • DSA-1895 shibboleth-sp2 Interpretation conflict
  • DSA-1895 xmltooling Potential code execution
  • DSA-1896 opensaml Potential code execution
  • DSA-1896 shibboleth-sp Potential code execution
  • DSA-1897 horde3 Arbitrary code execution
  • DSA-1898 openswan Denial of service
  • DSA-1899 strongswan Denial of service
  • DSA-1900 postgresql-8.3 Various problems
  • DSA-1903 graphicsmagick Several vulnerabilities
  • DSA-1904 wget SSL certificate verification weakness
  • DSA-1905 python-django Denial of service
  • DSA-1907 kvm Several vulnerabilities
  • DSA-1908 samba Several vulnerabilities
  • DSA-1909 postgresql-ocaml Missing escape function
  • DSA-1910 mysql-ocaml Missing escape function
  • DSA-1911 pygresql Missing escape function
  • DSA-1912 advi Arbitrary code execution
  • DSA-1912 camlimages Arbitrary code execution
  • DSA-1913 bugzilla SQL injection
  • DSA-1914 mapserver Several vulnerabilities
  • DSA-1915 linux-2.6 Several vulnerabilities
  • DSA-1915 user-mode-linux Several vulnerabilities
  • DSA-1916 kdelibs SSL certificate verification weakness
  • DSA-1917 mimetex Several vulnerabilities
  • DSA-1918 phpmyadmin Several vulnerabilities
  • DSA-1919 smarty Several vulnerabilities
  • DSA-1920 nginx Denial of service
  • DSA-1921 expat Denial of service
  • DSA-1922 xulrunner Several vulnerabilities
  • DSA-1923 libhtml-parser-perl Denial of service
  • DSA-1924 mahara Several vulnerabilities
  • DSA-1925 proftpd-dfsg SSL certificate verification weakness
  • DSA-1926 typo3-src Several vulnerabilities
  • DSA-1930 drupal6 Several vulnerabilities
  • DSA-1931 nspr Several vulnerabilities
  • DSA-1932 pidgin Arbitrary code execution
  • DSA-1933 cups Cross-site scripting
  • DSA-1934 apache2 Several issues
  • DSA-1934 apache2-mpm-itk Several issues
  • DSA-1935 gnutls26 SSL certificate NUL byte vulnerability
  • DSA-1936 libgd2 Several vulnerabilities
  • DSA-1937 gforge Cross-site scripting
  • DSA-1938 php-mail Insufficient input sanitising
  • DSA-1939 libvorbis Several vulnerabilities
  • DSA-1940 php5 Multiple issues
  • DSA-1941 poppler Several vulnerabilities
  • DSA-1942 wireshark Several vulnerabilities
  • DSA-1944 request-tracker3.6 Session hijack vulnerability
  • DSA-1945 gforge Denial of service
  • DSA-1947 opensaml2 Cross-site scripting
  • DSA-1947 shibboleth-sp Cross-site scripting
  • DSA-1947 shibboleth-sp2 Cross-site scripting
  • DSA-1948 ntp Denial of service
  • DSA-1949 php-net-ping Arbitrary code execution
  • DSA-1950 webkit Several vulnerabilities
  • DSA-1951 firefox-sage Insufficient input sanitizing
  • DSA-1952 asterisk Several vulnerabilities
  • DSA-1953 expat Denial of service
  • DSA-1954 cacti Insufficient input sanitising
  • DSA-1956 xulrunner Several vulnerabilities
  • DSA-1957 aria2 Arbitrary code execution
  • DSA-1958 libtool Privilege escalation
  • DSA-1959 ganeti Arbitrary command execution
  • DSA-1960 acpid Weak file permissions
  • DSA-1961 bind9 Cache poisoning
  • DSA-1962 kvm Several vulnerabilities
  • DSA-1963 unbound DNSSEC validation
  • DSA-1964 postgresql-8.3 Several vulnerabilities
  • DSA-1965 phpldapadmin Remote file inclusion
  • DSA-1966 horde3 Cross-site scripting
  • DSA-1967 transmission Directory traversal
  • DSA-1968 pdns-recursor Potential code execution
  • DSA-1969 krb5 Denial of service
  • DSA-1970 openssl Denial of service
  • DSA-1971 libthai Arbitrary code execution
  • DSA-1972 audiofile Buffer overflow
  • DSA-1974 gzip Arbitrary code execution
  • DSA-1976 dokuwiki Several vulnerabilities
  • DSA-1978 phpgroupware Several vulnerabilities
  • DSA-1979 lintian Multiple vulnerabilities
  • DSA-1980 ircd-hybrid Arbitrary code execution
  • Removed packages:
  • The following packages were removed due to circumstances beyond our control:
  • destar Security issues; unmaintained; abandoned upstream
  • electricsheep No longer functional
  • gnudip Security issues; unmaintained; abandoned upstream
  • kcheckgmail No longer functional
  • libgnucrypto-java Security issues; obsolete
  • Additionally those parts of the libwww-search-perl and libperl4caml-ocaml-dev packages which rely on the Google SOAP search API (provided by libnet-google-perl) are no longer functional as the API has been retired by Google. The remaining portions of the packages will continue to function as before.

New in Debian GNU/Linux 5.0 (Feb 15, 2009)

  • The Debian Project is pleased to announce the official release of Debian GNU/Linux version 5.0 (code-named 'Lenny') after 22 months of constant development. Debian GNU/Linux is a free operating system which supports a total of twelve processor architectures and includes the KDE, GNOME, Xfce, and LXDE desktop environments. This release includes numerous updated software packages, such as the K Desktop Environment 3.5.10, an updated version of the GNOME desktop environment 2.22.2, the Xfce 4.4.2 desktop environment, LXDE 0.3.2.1, the GNUstep desktop 7.3, X.Org 7.3, OpenOffice.org 2.4.1, GIMP 2.4.7....

New in Debian GNU/Linux 4.0r7 (Feb 10, 2009)

  • This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

New in Debian GNU/Linux 5.0 RC2 (Feb 1, 2009)

  • updated Linux kernel (2.6.26-13) and external modules (2.6.26-5);
  • available modules for PATA devices on CD-ROM images;
  • improved brltty device support;
  • support firmware loading from USB devices in SPARC;
  • improved support for encrypted partitions in rescue mode;
  • fixed multi-arch CD - it no longer boots directly to the amd64 installer;
  • updated installation guide with a re-added Spanish translation.

New in Debian GNU/Linux 5.0 RC1 (Nov 13, 2008)

  • The Debian Installer team is proud to announce the first release candidate of the installer for Debian GNU/Linux 'Lenny'. Improvements in this release: improved support for live CD installation media; support for some NAS devices based on Marvell's ARM-compatible Orion chip; installer images for Netwinder have been added again; installer images for i386 Xen guests; support for hardware speech synthesis has been added; upgrade of packages early in pkgsel, for example to get available security updates for base system packages; support for loading firmware from (removable) media during the installation....

New in Debian GNU/Linux 4.0r5 (Oct 24, 2008)

  • The Debian project is pleased to announce the fifth update of its stable distribution Debian GNU/Linux 4.0 (code name 'Etch'). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems. Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.