Posts Tagged ‘etch’

DSA-1753 iceweasel – end-of-life announcement for Iceweasel in oldstable

Tuesday, March 31st, 2009

As indicated in the Etch release notes, security support for the
Iceweasel version in the oldstable distribution (Etch) needed to be
stopped before the end of the regular security maintenance life cycle.

Read the full story: DSA-1753 iceweasel – end-of-life announcement for Iceweasel in oldstable: http://www.debian.org/security/2009/dsa-1753

DSA-1730 proftpd-dfsg – SQL injection vulnerabilities

Tuesday, March 24th, 2009

The security update for proftpd-dfsg in DSA-1727-1 caused a regression
with the postgresql backend. This update corrects the flaw. Also, it was
discovered that the oldstable distribution (etch) is not affected by the
security issues. For reference, the original advisory follows.

Read the full story: DSA-1730 proftpd-dfsg – SQL injection vulnerabilities: http://www.debian.org/security/2009/dsa-1730

DSA-1617 refpolicy – incompatible policy

Saturday, July 26th, 2008

In DSA-1603-1, Debian released an update to the BIND 9 domain name
server, which introduced UDP source port randomization to mitigate
the threat of DNS cache poisoning attacks (identified by the Common
Vulnerabilities and Exposures project as CVE-2008-1447).
The fix, while correct, was incompatible with the version of SELinux Reference
Policy shipped with Debian Etch, which did not permit a process running in the
named_t domain to bind sockets to UDP ports other than the standard ‘domain’
port (53).
The incompatibility affects both the ‘targeted’ and ‘strict’ policy packages
supplied by this version of refpolicy.

Read the full story: DSA-1617 refpolicy – incompatible policy: http://www.debian.org/security/2008/dsa-1617