Updated Debian 6.0: 6.0.10 released

July 19th, 2014

The Debian project is pleased to announce the tenth and final update of its oldstable distribution Debian 6.0 (codename squeeze). This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

The packages from DSA 2727, DSA 2765, DSA 2893 and DSA 2912 are not included in this point release for technical reasons, as are some architectures for DSA 2782, DSA 2809, DSA 2810, DSA 2868 and DSA 2886. All other security updates released during the lifetime of squeeze that have not previously been part of a point release are included in this update.

Please note that this update does not constitute a new version of Debian 6.0 but only updates some of the packages included. There is no need to throw away old squeeze CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:


Please note that the 6.0 distribution is no longer receiving security support. If you are using the amd64 or i386 architecture and not able to upgrade to the current stable release, you may wish to investigate the squeeze-lts distribution. More information is available at:


Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
base-files Update for the point release
catfish Fix untrusted search path vulnerability [CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096]
clamav New upstream release; regression fix
cups Fix XSS in the web interface
debian-edu-archive-keyring Update keyring to extend expiry on archive key
debian-installer Rebuild for the point release
debian-installer-netboot-images Rebuild for the point release
exim4 Robustness fix for the Dovecot authenticator; use exim's ${quote:xxx} operator when invoking spfquery to disallow bypassing of SPF validation by using special mailbox names
ia32-libs Update packages from oldstable and oldstable-security
libdbi-perl Remove dependency on to-be-removed libplrpc-perl
libfinance-quote-perl Update URLs of Yahoo! Finance services
mobile-broadband-provider-info Update included data
postgresql-8.4 New upstream micro-release
suds Remove temporary directories on exit
tzdata New upstream release

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-2738 ruby1.9.1
DSA-2782 polarssl
DSA-2808 openjpeg
DSA-2809 ruby1.8
DSA-2810 ruby1.9.1
DSA-2816 php5
DSA-2850 libyaml
DSA-2859 pidgin
DSA-2861 file
DSA-2863 libtar
DSA-2864 postgresql-8.4
DSA-2867 otrs2
DSA-2868 php5
DSA-2869 gnutls26
DSA-2870 libyaml-libyaml-perl
DSA-2871 wireshark
DSA-2872 udisks
DSA-2873 file
DSA-2874 mutt
DSA-2876 cups
DSA-2877 lighttpd
DSA-2878 virtualbox-ose
DSA-2879 libssh
DSA-2882 extplorer
DSA-2884 libyaml
DSA-2885 libyaml-libyaml-perl
DSA-2886 libxalan2-java
DSA-2892 a2ps
DSA-2894 openssh
DSA-2898 imagemagick
DSA-2899 openafs
DSA-2901 wordpress
DSA-2902 curl
DSA-2903 strongswan
DSA-2904 virtualbox-ose
DSA-2906 linux-2.6
DSA-2906 user-mode-linux
DSA-2909 qemu
DSA-2910 qemu-kvm
DSA-2914 drupal6
DSA-2915 dpkg
DSA-2916 libmms
DSA-2917 super
DSA-2921 xbuffy
DSA-2922 strongswan
DSA-2925 rxvt-unicode
DSA-2927 libxfont
DSA-2928 linux-2.6
DSA-2928 user-mode-linux
DSA-2934 python-django
DSA-2936 torque
DSA-2937 mod-wsgi
DSA-2953 dpkg

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
spip Security support ended
libgtfb Broken
flashplugin-nonfree Security issues
libplrpc-perl Security issues
hlbrw Depends on to-be-removed hlbr
couchdb Security support ended
hlbr Broken
fusionforge Security support ended
mantis Security support ended
bugzilla Security support ended
zabbix Security support ended
gksu-polkit Security support ended
whatsnewfm Obsolete as freecode.com is no longer accepting submissions
serendipity Security support ended
mahara Security support ended
movabletype-opensource Security support ended
openswan Security support ended


The complete lists of packages that have changed with this revision:


The current oldstable distribution:


Proposed updates to the oldstable distribution:


oldstable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.