Debian GNU/Linux 3.1 updated (r2)
April 19th, 2006
This is the second update of Debian GNU/Linux 3.1 (codename ‘sarge’) which mainly adds security updates to the stable release, along with some corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
Please note that this update does not produce a new version of Debian GNU/Linux 3.1 but only adds a few updated packages to it. There is no need to throw away 3.1 CDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.
Upgrading to this revision online is usually done by pointing the ‘apt’ package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates. The security fixes of the kernel have been delayed to the next point release due to constraints with the installer, please update the kernel images from security.debian.org.
Notable Changes
The sudo package has been changed to not propagate all environment variables to subsequent programs in order to avoid security risks. This change might affect software that uses sudo. Please see /usr/share/doc/sudo/README.Debian for more details.
Miscellaneous Bugfixes
This revision adds important corrections to the following packages. Most of them don't affect the security of the system, but may affect data integrity.
Package | Reason |
---|---|
affix-kernel | Fix build failures with sarge's kernel |
backuppc | Fix backup potential data loss and corruption |
cernlib | License problems, repackaged |
cyrus-imapd | Don't remove mail data on package purge |
cyrus21-imapd | Note cyrus-imapd data loss on package purge |
evms | Fix possible data loss |
exim4 | Fix mail delivery problems |
f-prot-installer | Adjusted to work with recent releases |
fai | Several fixes |
glibc | Update timezone data, fix NPTL for amd64 |
leafnode | Fix security issue (CVE 2005-1911) |
libchipcard | Don't remove user account on package purge |
mutt | Fix possible attachments data loss |
perl | Fix utf-8/taint and malloc-to-death bug, Bug#227621 |
rssh | Fix security issue (CVE-2005-3345) |
slune | Adjust to security fix in py2play, Bug#326976 |
sodipodi | Fix segfaults on 64-bit architectures |
tar | Fix work with remote devices on non-i386, Bug#356657 |
A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:
URLs
The complete lists of packages that have changed with this release:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an organisation of free software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/ or send mail to <press@debian.org>.