[Admins] Debian Package Updates on dochas.stdlib.net.

root root at stdlib.net
Wed Mar 28 06:25:12 IST 2007


apticron report [Wed, 28 Mar 2007 06:25:05 +0100]
========================================================================

apticron has detected that some packages need upgrading on: 

	dochas.stdlib.net 
	[ 82.195.155.60 2001:770:100:65::2 ]

The following packages are currently pending an upgrade:

	lsb-base 2.0-7
	gnupg 1.4.1-1.sarge7
	libclamav2 0.90.1-0volatile1
	clamav-freshclam 0.90.1-0volatile1
	clamav-daemon 0.90.1-0volatile1
	clamav-base 0.90.1-0volatile1
	php4-mysql 4:4.3.10-19
	php4-gd 4:4.3.10-19
	libapache2-mod-php4 4:4.3.10-19
	php4-common 4:4.3.10-19
	tcpdump 3.8.3-5sarge2

========================================================================

Package Details:

Reading changelogs...
--- Changes for clamav (clamav-freshclam clamav-daemon clamav-base) ---
clamav (0.90.1-0volatile1) sarge-volatile; urgency=low

  * New upstream version
    - Many memleaks fixed
    - Many potential crashes fixed
  * Patches:
    - freshen 02_milter_sendmail_version_patch
    - freshen 20_clamscan-manpage-update.dpatch
    - freshen 24_nullmailer_ftbfs.dpatch
    - remove 25_soname_bump.dpatch (merged upstream)
    - remove 26_isspace_fix_segv.dpatch (merged upstream)

 -- Stephen Gran <sgran at debian.org>  Fri,  2 Mar 2007 03:56:26 +0000

clamav (0.90-0volatile2) sarge-volatile; urgency=low

  * Fix clamav.examples to actually include what's there, and not what include
    what isn't.  Unsurprisingly, this fixes an FTBFS

 -- Stephen Gran <sgran at debian.org>  Thu,  1 Mar 2007 15:49:55 +0000

clamav (0.90-0volatile1) sarge-volatile; urgency=high

  * Backport for volatile
  * Fix init scripts to work with sarge's lsb-base
  * Revert dh_compat to 4, and eliminate debug package
  * Revert new dpkg-dev variables to sarge approximations

 -- Stephen Gran <sgran at debian.org>  Thu,  1 Mar 2007 02:07:40 +0000

--- Changes for gnupg ---
gnupg (1.4.1-1.sarge7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Backported patch from upstream 1.4.7 for CVE-2007-1263.

 -- Moritz Muehlenhoff <jmm at debian.org>  Mon, 12 Mar 2007 18:48:15 +0000

--- Changes for php4 (php4-mysql php4-gd libapache2-mod-php4 php4-common) ---
php4 (4:4.3.10-19) stable-security; urgency=high

  * NMU prepared for the security team by the package maintainer
  * The following security issues are addressed with this update:
    - CVE-2007-0906: Multiple buffer overflows in various code:
      * session (addressed in patch for CVE-2007-0910 below)
      * imap (CVE-2007-0906-imap.patch)
      * str_replace: (CVE-2007-0906-strreplace.patch)
      * the zip, sqlite, stream filters, mail, and interbase related 
        vulnerabilities in this CVE do not affect the debian sarge php4 
        source package.
    - CVE-2007-0907: Buffer underflow in sapi_header_op (CVE-2007-0907.patch)
    - CVE-2007-0908: wddx module information disclosure (CVE-2007-0908.patch)
    - CVE-2007-0909: More buffer overflows:
      * the odbc_result_all function (CVE-2007-0909-odbc.patch)
      * various formatted print functions (CVE-2007-0909-printf.patch)
    - CVE-2007-0910: Clobbering of super-global variables (CVE-2007-0910.patch)
    - CVE-2007-0988: DoS in unserialize on 64bit platforms (CVE-2007-0988.patch)
  * The package maintainers would like to thank Joe Orton from redhat and
    Martin Pitt from ubuntu for their help in the preparation of this update.

 -- sean finney <seanius at debian.org>  Tue, 27 Feb 2007 00:31:08 +0100

--- Changes for tcpdump ---
tcpdump (3.8.3-5sarge2) stable-security; urgency=high

  * debian/patches/60_CVE-2007-1218.dpatch: New patch, fixes a potential
    buffer overflow in the 802.11 printer. References:
    + CVE-2007-1218
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413430
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise at debian.org>  Sun, 18 Mar 2007 23:21:06 +0100

========================================================================

You can perform the upgrade by issuing the command:

	apt-get dist-upgrade

as root on dochas.stdlib.net

It is recommended that you simulate the upgrade first to confirm that
the actions that would be taken are reasonable. The upgrade may be 
simulated by issuing the command:

	apt-get -s dist-upgrade

-- 
apticron



More information about the Admins mailing list