Debian 10218 Published by

Debian 5.0.10 (oldstable) has been released



- ------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Updated Debian 5.0: 5.0.10 released press@debian.org
March 10th, 2012 http://www.debian.org/News/2012/20120310
- ------------------------------------------------------------------------

The Debian project is pleased to announce the tenth and final update
of its oldstable distribution Debian 5.0 (codename `lenny'). This update
mainly adds corrections for security problems to the oldstable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

The alpha and ia64 packages from DSA 1769 are not included in this
point release for technical reasons. All other security updates
released during the lifetime of `lenny' that have not previously been
part of a point release are included in this update.

Please note that the security support for the oldstable distribution
ended in February 2012 and no updates have been released since that
point.

http://www.debian.org/News/2012/20120209

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list

Please note that the oldstable distribution will be moved from the
main archive to the archive.debian.org repository after March 24th 2012.
After this move, it will no longer be available from the main mirror
network. More information about the distribution archive and a list of
mirrors is available at:

http://www.debian.org/distrib/archive


Miscellaneous Bugfixes
======================

This oldstable update adds a few important corrections to the
following packages:

Package Reason

apr Disable robust pthread mutexes on alpha, arm, and armel
base-files Update /etc/debian_version for the point release
ia32-libs Refresh packages to include recent security updates
libdigest-perl Fix unsafe use of eval in Digest->new()
linux-2.6 Various security fixes
phppgadmin Fix XSS
postgresql-8.3 New upstream micro-release
typo3-src Fix cache flooding via improper error handling
xapian-omega Fix escaping issues in templates
xpdf Insecure tempfile usage in zxpdf
user-mode-linux Rebuild against linux-source-2.6.26 (2.6.26-29)


Security Updates
================

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID Package Correction(s)

DSA-1769 openjdk-6 Arbitrary code execution
DSA-2161 openjdk-6 Multiple issues
DSA-2224 openjdk-6 Multiple issues
DSA-2237 apr Denial of service
DSA-2251 subversion Multiple issues
DSA-2258 kolab-cyrus-imapd Implementation error
DSA-2263 movabletype-opensource Multiple issues
DSA-2265 perl Missing taint check
DSA-2267 perl Restriction bypass
DSA-2271 curl Improper delegation of client
credentials
DSA-2281 opie Multiple issues
DSA-2284 opensaml2 Implementation error
DSA-2285 mapserver Multiple issues
DSA-2287 libpng Multiple issues
DSA-2301 rails Multiple issues
DSA-2305 vsftpd Denial of service
DSA-2313 xulrunner Multiple issues
DSA-2315 openoffice.org Multiple issues
DSA-2316 quagga Multiple issues
DSA-2318 cyrus-imapd-2.2 Multiple issues
DSA-2320 dokuwiki Regression fix
DSA-2321 moin Cross-site scripting
DSA-2323 radvd Multiple issues
DSA-2324 wireshark Programming error
DSA-2328 freetype Missing input sanitising
DSA-2332 python-django Multiple issues
DSA-2333 phpldapadmin Multiple issues
DSA-2334 mahara Multiple issues
DSA-2335 man2html Missing input sanitization
DSA-2339 nss Multiple issues
DSA-2340 postgresql-8.3 Weak password hashing
DSA-2341 xulrunner Multiple issues
DSA-2343 openssl CA trust revocation
DSA-2346 proftpd-dfsg Multiple issues
DSA-2347 bind9 Improper assert
DSA-2350 freetype Missing input sanitising
DSA-2351 wireshark Buffer overflow
DSA-2352 puppet Programming error
DSA-2354 cups Multiple issues
DSA-2355 clearsilver Format string vulnerability
DSA-2357 evince Multiple issues
DSA-2358 openjdk-6 Multiple issues
DSA-2361 chasen Buffer overflow
DSA-2362 acpid Multiple issues
DSA-2363 tor Buffer overflow
DSA-2365 dtc Multiple issues
DSA-2366 mediawiki Multiple issues
DSA-2367 asterisk Multiple issues
DSA-2368 lighttpd Multiple issues
DSA-2369 libsoup2.4 Directory traversal
DSA-2370 unbound Multiple issues
DSA-2371 jasper Buffer overflows
DSA-2372 heimdal Buffer overflow
DSA-2373 inetutils Buffer overflow
DSA-2374 openswan Implementation error
DSA-2375 krb5 Buffer overflow
DSA-2376 ipmitool Insecure pid file
DSA-2377 cyrus-imapd-2.2 Denial of service
DSA-2380 foomatic-filters Shell command injection
DSA-2382 ecryptfs-utils Multiple issues
DSA-2383 super Buffer overflow
DSA-2384 cacti Multiple issues
DSA-2385 pdns Packet loop
DSA-2386 openttd Multiple issues
DSA-2388 t1lib Multiple issues
DSA-2390 openssl Multiple issues
DSA-2392 openssl Out-of-bounds read
DSA-2394 libxml2 Multiple issues
DSA-2397 icu Buffer underflow
DSA-2398 curl Multiple issues
DSA-2399 php5 Multiple issues
DSA-2400 xulrunner Multiple issues
DSA-2403 php5 Code injection
DSA-2405 apache2 Multiple issues
DSA-2405 apache2-mpm-itk Multiple issues


Debian Installer / kernel
=========================

The kernel included in this point release has been updated to
incorporate fixes for a number of security issues. The installer has
been rebuilt to use the new kernel.


Removed packages
================

The following packages were removed due to circumstances beyond our
control:

Package Reason
qcad Non-distributable
partlibary Non-distributable


URLs
====

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/lenny/ChangeLog

The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates

Oldstable distribution information (release notes, errata etc.):

http://www.debian.org/releases/oldstable/

Security announcements and information:

http://security.debian.org/


About Debian
============

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
===================

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to , or contact the
stable release team at .