Debian GNU/Linux 3.1 updated
December 28th, 2007
The Debian project is pleased to announce the seventh update of its old stable distribution Debian GNU/Linux 3.1 (codename sarge). This is the first time we update the old stable distribution during the lifetime of the stable distribution. This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments to serious problems.
Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs or DVDs; it is enough to update against ftp.debian.org after an installation in order to incorporate those late changes.
Those who frequently install updates from security.debian.org won't have to update many packages, and most updates from security.debian.org are included in this update.
New CD and DVD images containing updated packages, and the regular installation media accompanied by the package archive, will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Debian-Installer Update
With this release the installation system for sarge gains full support for installing oldstable from network mirrors. This includes base-config.
The installer also uses and supports the updated kernels included in this revision. This causes old netboot and floppy images to stop working; updated versions are available from the regular locations.
Other changes are a final fix to prevent leakage of sensitive data through saved log files and a minor fix in the partman-jfs component.
Miscellaneous Bugfixes
This update adds several binary-only updates for various architectures to packages whose version was not synchronised across all architectures. It also adds a few important corrections to the following packages:
Package | Reason |
---|---|
adesklets | Bring architectures back in sync |
agenda.app | Bring architectures back in sync |
antlr | Bring architectures back in sync |
apache2 | Fix several minor vulnerabilities |
asterisk-spandsp-plugins | Bring architectures back in sync |
atomix | Bring architectures back in sync |
bazaar | Bring architectures back in sync |
camediaplay | Bring architectures back in sync |
commons-daemon | Bring architectures back in sync |
debtags-edit | Bring architectures back in sync |
fai-kernels | Rebuild against latest kernel update |
fet | Bring architectures back in sync |
freepops | Bring architectures back in sync |
gaim-encryption | Bring architectures back in sync |
gff2aplot | Bring architectures back in sync |
gnuradio-core | Bring architectures back in sync |
gr-audio-oss | Bring architectures back in sync |
iroffer | Bring architectures back in sync |
joystick | Bring architectures back in sync |
k3d | Bring architectures back in sync |
kdissert | Bring architectures back in sync |
kernel-latest-2.6-alpha | Meta package for new kernel ABI |
kernel-latest-2.6-amd64 | Meta package for new kernel ABI |
kernel-latest-2.6-hppa | Meta package for new kernel ABI |
kernel-latest-2.6-i386 | Meta package for new kernel ABI |
kernel-latest-2.6-powerpc | Meta package for new kernel ABI |
kernel-latest-2.6-sparc | Meta package for new kernel ABI |
kernel-source-2.6.8 | Several fixes and driver updates |
kexi | Bring architectures back in sync |
kimdaba | Bring architectures back in sync |
leafpad | Bring architectures back in sync |
libdbd-sqlite2-perl | Bring architectures back in sync |
libgconf-java | Bring architectures back in sync |
libglade-java | Bring architectures back in sync |
libgnome-java | Bring architectures back in sync |
ocaml-http | Bring architectures back in sync |
octaviz | Bring architectures back in sync |
osspsa | Bring architectures back in sync |
paje.app | Bring architectures back in sync |
pasmo | Bring architectures back in sync |
plptools | Bring architectures back in sync |
pwlib | Fix remote denial of service |
python-biopython | Bring architectures back in sync |
realtimebattle | Bring architectures back in sync |
scalapack | Bring architectures back in sync |
skippy | Bring architectures back in sync |
swt-gtk | Bring architectures back in sync |
vgrabbj | Bring architectures back in sync |
visitors | Bring architectures back in sync |
wesnoth | Fix denial of service |
ximian-connector | Bring architectures back in sync |
xwine | Bring architectures back in sync |
Security Updates
This revision adds the following security updates to the old stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-1267 | webcalendar | Remote file inclusion |
DSA-1282 | php4 | Several vulnerabilities |
DSA-1284 | qemu | Several vulnerabilities |
DSA-1287 | ldap-account-manager | Several vulnerabilities |
DSA-1290 | squirrelmail | Cross-site scripting |
DSA-1291 | samba | Several vulnerabilities |
DSA-1293 | quagga | Denial of service |
DSA-1294 | rdesktop | Several vulnerabilities |
DSA-1294 | xfree86 | Several vulnerabilities |
DSA-1307 | openoffice.org | Arbitrary code execution |
DSA-1310 | libexif | Arbitrary code execution |
DSA-1311 | postgresql | Privilege escalation |
DSA-1312 | libapache-mod-jk | Information disclosure |
DSA-1323 | krb5 | Several vulnerabilities |
DSA-1325 | evolution | Several vulnerabilities |
DSA-1326 | fireflier | Unsafe temporary files |
DSA-1329 | gfax | Privilege escalation |
DSA-1331 | php4 | Arbitrary code execution |
DSA-1332 | vlc | Arbitrary code execution |
DSA-1334 | freetype | Arbitrary code execution |
DSA-1335 | gimp | Arbitrary code execution |
DSA-1336 | mozilla-firefox | Several vulnerabilities |
DSA-1341 | bind9 | DNS cache poisoning |
DSA-1343 | file | Arbitrary code execution |
DSA-1347 | xpdf | Arbitrary code execution |
DSA-1349 | libextractor | Arbitrary code execution |
DSA-1350 | tetex-bin | Arbitrary code execution |
DSA-1351 | bochs | Privilege escalation |
DSA-1352 | pdfkit.framework | Arbitrary code execution |
DSA-1353 | tcpdump | Arbitrary code execution |
DSA-1354 | gpdf | Arbitrary code execution |
DSA-1358 | asterisk | Several vulnerabilities |
DSA-1364 | vim | Several vulnerabilities |
DSA-1421 | wesnoth | Arbitrary file disclosure |
DSA-1426 | qt-x11-free | Several vulnerabilities |
DSA-1427 | samba | Arbitrary code execution |
DSA-1433 | centericq | Arbitrary code execution |
DSA-1435 | clamav | Several vulnerabilities |
A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:
URLs
The complete lists of packages that have changed with this release:
The current old stable distribution:
Proposed updates to the oldstable distribution:
Sarge distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.