![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: Martin Schulze <joey@infodrom.org>
To: Debian Development Announcements <debian-devel-announce@lists.debian.org>
Subject: Preparing Debian GNU/Linux 2.2r5
Date: Wed, 9 Jan 2002 19:53:05 +0100
Preparation of Debian GNU/Linux 2.2r5
=====================================
An up-to-date version is at http://master.debian.org/~joey/2.2r5/
I am preparing 2.2r5 and will send reports so people can actually
comment on it. The plan is to get this revision of Debian GNU/Linux
2.2 (codename `potato') out real soon now. James Troup still has
to give the final approval for each package. However, I will try
to make his work as easy as possible in the hope to get the next
revision out properly. Thanks for your attention.
Development for 2.2r5 is near being finished ready to be released.
This may also be the last version of the 2.2 series, depending on
how well the woody release is going. There is, however, still a
possibility 2.2r6 (to be scheduled at the beginning of March) has to
be released before 3.0.
My requirements for packages to go into stable:
1. The package fixes a security problem. An advisory by our own
Security Team would be quite helpful.
2. The package fixes a critical bug which can lead into data loss,
data corruption, or an overly broken system, or the package is
broken or not usable (anymore).
3. The stable version of the package is not installable at all due to
broken or unmet dependencies or broken installation scripts
4. The package gets all architectures in stable in sync.
5. All released architectures have to be in sync.
Packages which I will most probably reject:
. Package which fix non-critical bugs
. Misplaced uploads, i.e. packages that were uploaded to 'stable
unstable' or `frozen unstable'
. Packages for which its binary packages are out of sync with regard
to all supported architectures in the stable distribution.
. Binary packages for which the source got lost somehow
Accepted packages
-----------------
These packages should be installed into stable and be part of the next
revision.
apache stable 1.3.9-13.2 alpha, arm, i386, m68k, powerpc, sparc
apache testing 1.3.19-1 alpha, arm, i386, m68k, powerpc, sparc
apache unstable 1.3.19-1 hurd-i386
apache unstable 1.3.20-1.1 alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc
apache updates 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc
* Non-maintainer upload on behalf of Simon Huggins <huggie@earth.li>
* Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent
revealing of directory contents.
This looks like a half security update, right?
DSA 067-1 is a broken security upload and requires an update. [further]
2002-01-02: It would be nice if somebody could tell me why I
tagged this version 'broken'. I don't think it's because of a
missing fix for Bug#73013, so I don't remember anymore. *sigh*
base-config stable 0.32 alpha
base-config stable 0.33.2 arm, i386, m68k, powerpc, sparc
base-config updates 0.33.2 alpha
Sync with other architectures
ChangeLog also says:
* Corrected stupid typo in templates file, Closes: #74785, #74815,
#74828
* This problem makes it impossible to install the package, so it is
important and must go in.
bb stable 1.2-9 i386, powerpc
bb stable 1.2-9.0.1 alpha
bb updates 1.2-9 sparc
Package was missing from stable.
bwbasic stable 2.20pl2-3 alpha, i386, m68k, powerpc
bwbasic stable 2.20pl2-3.1 sparc
bwbasic updates 2.20pl2-3.2 alpha, arm, i386, m68k, powerpc, sparc
* New maintainer.
* Recompile. Due to strange interactions with libc6, functions
weren't interpreted, and the package was practically unusable.
Closes: #108924.
catsboot updates 0.2.2 arm
Boot glue for ARM CATS systems
Required on some ARM systems
current stable boot-floppies Build-Depend on it.
dtaus stable 0.4-1 alpha, arm, i386, m68k, powerpc, sparc
dtaus updates 0.6-0potato1 alpha, arm, i386, m68k, powerpc, sparc
* Repackaged for potato because the version of dtaus in potato isn't
able to create DTAUS files using the Euro currency which is the one
and only official currency in Germany since yesterday. Hence, the
version in potato is entirely useless since yesterday and has to be
updated if people are using it for their money management.
eximon stable 3.12-10.1 alpha, arm, i386, m68k, powerpc, sparc
eximon updates 3.12-10.2 alpha, arm, i386, m68k, powerpc, sparc
exim stable 3.12-10.1 alpha, arm, i386, m68k, powerpc, sparc
exim updates 3.12-10.2 alpha, arm, i386, m68k, powerpc, sparc
Security Update, DSA 097
freewnn-common stable 1.1.0+1.1.1-a016-1 all
freewnn-common updates 1.1.0+1.1.1-a016-1.potato.3 all
freewnn-cserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
* [security fix] backport from freewnn 1.1.0+1.1.1-a017-6.4
- adduser wnn, kwnn, cwnn for jserver,kserver,cserver respectively
instead of running as root user
- restrict upload/create path under jserver_dir
The 2nd upload is required to make the package installable
*sigh* At least, it is proved to be tested now...
gpg-idea stable 2 m68k
gpg-idea stable 2.1.1 alpha, i386, powerpc, sparc
gpg-rsaref stable 1.1-1 alpha
gpg-rsaref stable 1.1-2 arm, i386, powerpc, sparc
gpg-rsa stable 2 m68k
gpg-rsa stable 2.1.1 alpha, i386, powerpc, sparc
GnuPG provides this functionality already, it replaces these
packages just fine, they are not needed anymore. Even worse,
they are not even installable anymore, since they depend on
gnupg but gnupg conflicts with them.
gpm stable 1.17.8-18 alpha, arm, i386, m68k, powerpc, sparc
gpm updates 1.17.8-18.1 alpha, arm, i386, m68k, powerpc, sparc
libgpm1-altdev stable 1.17.8-18 i386, m68k
libgpm1-altdev stable 1.17.8-9 sparc
libgpm1-altdev updates 1.17.8-18.1 i386, m68k
libgpm1 stable 1.17.8-18 i386, m68k
libgpm1 stable 1.17.8-9 sparc
libgpm1 updates 1.17.8-18.1 i386, m68k
libgpmg1-dev stable 1.17.8-18 alpha, arm, i386, m68k, powerpc, sparc
libgpmg1-dev updates 1.17.8-18.1 alpha, arm, i386, m68k, powerpc, sparc
libgpmg1 stable 1.17.8-18 alpha, arm, i386, m68k, powerpc, sparc
libgpmg1 updates 1.17.8-18.1 alpha, arm, i386, m68k, powerpc, sparc
Security upload: DSA 095
groff stable 1.15.2-2 alpha, arm, i386, m68k, powerpc, sparc
groff updates 1.15.2-3 alpha, arm, i386, m68k, powerpc, sparc
* Use lpr as the print spooler, even if it happens not to be
installed on the build system. Version 1.15.2-2 broke 'groff
-l', which worked with previous versions of groff in stable
(thanks, Mike Fontenot).
Since I can't even find a single bug report that says 'groff
-l' is broken in stable, I guess it will only be used on
accident. Hence, I don't think this justifies an update to stable.
I rethought my decision again. 2.2r3 had a working version,
2.2r4 unfortunately broke it. We should tryto fix that.
Upgrading from r3 or older to the next current version should
not break more things but fix them. *sigh*
imp stable 2:2.2.3-0.potato.4 all
imp updates 2:2.2.6-0.potato.3 all
DSA 073, though it mentioned imp 2.2.6-0.potato.1
The maintainer, Ola Lundqvist, commented:
"The potato.1 version (the real security fix) was broken. :(
I uploaded it too fast, without testing the postgres part. It also
had some other minor issues because I forgot to apply one patch.
So if any new packages of horde and imp should go to a new revision
only the latest version should go there (from proposed-updates)."
.4: SECURITY FIX, backport from 2.2.7, closes: #118986
inn2-dev stable 2.2.2.2000.01.31-2 arm
inn2-dev stable 2.2.2.2000.01.31-4 alpha, i386, m68k, powerpc, sparc
inn2-dev updates 2.2.2.2000.01.31-5 alpha, arm, i386, m68k, powerpc, sparc
inn2-inews stable 2.2.2.2000.01.31-2 arm
inn2-inews stable 2.2.2.2000.01.31-4 alpha, i386, m68k, powerpc, sparc
inn2-inews updates 2.2.2.2000.01.31-5 alpha, arm, i386, m68k, powerpc, sparc
inn2 stable 2.2.2.2000.01.31-2 arm
inn2 stable 2.2.2.2000.01.31-4 alpha, i386, m68k, powerpc, sparc
inn2 updates 2.2.2.2000.01.31-5 alpha, arm, i386, m68k, powerpc, sparc
task-news-server stable 2.2.2.2000.01.31-4 all
task-news-server updates 2.2.2.2000.01.31-5 all
Security Update, DSA 023
Bdale reports a serious problem with this upload, it broke
some functionality. He's going to upload a fixed version, so
this will have to wait for 2.2r5 (formerly 2.2r4) then. Fixed
for 2.2.2.2000.01.31-5.
kernel-image-2.2.19-netwinder stable 20010414 arm
kernel-image-2.2.19-netwinder updates 20011103 arm
kernel-image-2.2.19-riscpc stable 20010414 arm
kernel-image-2.2.19-riscpc updates 20011109 arm
kernel-patch-2.2.19-arm stable 20010414 all
kernel-patch-2.2.19-arm updates 20011109 all
Rebuilt with current kernel that has security fixes
incorporated, was supposed for 2.2r4 but uploaded too late.
ARM 20011109: Build against kernel-source 2.2.19.1-2 and latest ARM patch.
mac-fdisk stable 0.1-3 m68k
mac-fdisk stable 0.1-6.0potato1 powerpc
mac-fdisk updates 0.1-6.0potato1 m68k
pmac-fdisk-cross stable 0.1-3 m68k
pmac-fdisk-cross updates 0.1-6.0potato1 m68k
Get m68k and powerpc back in sync, package is required for
installation of NewWorld powerpc machines.
mailman stable 1.1-8 alpha, arm, i386, m68k, powerpc, sparc
mailman updates 1.1-10 alpha, arm, i386, m68k, powerpc, sparc
Security Fix. Related to DSA 094?
Changelog for 1.1-9:
* Cross site scripting (CSS) fixes, backported from Mailman 2.0.8.
* Support list names with spaces in them.
Changelog for 1.1-10:
* Add missing paranthesis in Mailman/Cgi/edithtml.py, line 88
make-doc stable 3.79.1-1.potato.1 all
make stable 3.78.1-8 alpha
make stable 3.79.1-1.potato.1 arm, i386, m68k, powerpc, sparc
make updates 3.79.1-1.potato.1 alpha
Get versions in sync
modconf stable 0.2.26.14 all
modconf updates 0.2.26.14.1 all
Included patch for secure tempfile handling, see #117283 for
details
mutt stable 1.2.5-4 alpha, arm, i386, m68k, powerpc, sparc
mutt updates 1.2.5-5 alpha, arm, i386, m68k, powerpc, sparc
Security update: DSA 096
* Applied patch-1.2.5.tlr.terminate.1 to fix a remotely exploitable
buffer overflow.
nedit updates 1:5.1.1-3 alpha, arm, i386, m68k, powerpc, sparc
nedit is now Free Software.
telnetd stable 0.16-4 alpha
telnetd stable 0.16-4potato.1 arm, i386, m68k, powerpc, sparc
telnetd updates 0.16-4potato.3 alpha, arm, i386, m68k, powerpc, sparc
telnet stable 0.16-4 alpha
telnet stable 0.16-4potato.1 arm, i386, m68k, powerpc, sparc
telnet updates 0.16-4potato.3 alpha, arm, i386, m68k, powerpc, sparc
Changelog says:
* Fixed same overflow with minimal change.
DSA 070 mentioned version 0.16-4potato.2 [further]
ldap-rfc stable 1:1.2.12-1 all
ldap-rfc updates 1:1.2.12-2 all
libopenldap-dev stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
libopenldap-dev updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc
libopenldap-runtime stable 1:1.2.12-1 all
libopenldap-runtime updates 1:1.2.12-2 all
libopenldap1 stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
libopenldap1 updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc
openldap-gateways stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
openldap-gateways updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc
openldap-utils stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
openldap-utils updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc
openldapd stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
openldapd updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc
Minor bugfix:
* Include backport of billion second bug.
ssh-askpass-gnome stable 1:1.2.3-9.3 alpha, arm, i386, m68k, powerpc, sparc
ssh-askpass-gnome updates 1:1.2.3-9.4 alpha, arm, i386, m68k, powerpc, sparc
ssh-askpass-ptk stable 1:1.2.3-9.3 all
ssh-askpass-ptk updates 1:1.2.3-9.4 all
ssh stable 1:1.2.3-9.3 alpha, arm, i386, m68k, powerpc, sparc
ssh updates 1:1.2.3-9.4 alpha, arm, i386, m68k, powerpc, sparc
Security Fix, DSA 091
php4-cgi-gd stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-gd updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-imap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-imap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi-xml stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi-xml updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-cgi stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-cgi updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-dev stable 4.0.3pl1-0potato1 all
php4-dev updates 4.0.3pl1-0potato2 all
php4-gd stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-gd updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-imap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-imap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-ldap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-ldap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-mhash stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-mhash updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-mysql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-mysql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-pgsql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-pgsql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-snmp stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-snmp updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4-xml stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4-xml updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
php4 stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc
php4 updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc
Security Update (DSA 020 mentions 4.0.3pl1-0potato1.1) [further]
Roland Bauerschmidt reports "php4-cgi broken". Look at
#89431. /usr/lib/cgi-bin/php4 is a symlink to
debian/php4-cgi/usr/bin/php4 which of course doesn't exist.
postfix stable 0.0.19991231pl11-1 alpha, arm, i386, m68k, powerpc, sparc
postfix updates 0.0.19991231pl11-2 alpha, arm, i386, m68k, powerpc, sparc
* Fix 'smtpd command log memory exhaustion' problem.
* Fix dhelp dangling symlink problem. Closes: #91877, #97332.
* Rebuild on current potato. Closes: #102388, #99220.
Security Fix: DSA 093
ecpg stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
ecpg updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
libpgperl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
libpgperl updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
libpgsql2 stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
libpgsql2 updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
libpgtcl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
libpgtcl updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
odbc-postgresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
odbc-postgresql updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
pgaccess stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
pgaccess updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
postgresql-client stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-client updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
postgresql-contrib stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-contrib updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
postgresql-dev stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-dev updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
postgresql-doc stable 6.5.3-26 all
postgresql-doc updates 6.5.3-27 all
postgresql-pl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-pl updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
postgresql-test stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-test updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
postgresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
python-pygresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
python-pygresql updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc
* postgresql: applied patch from Ben Pfaff <pfaffben@msu.edu> to cure
problem with segfault in pg_dump. High urgency because pg_dump is
essential for transferring data when upgrading postgresql.
Closes: #101940
No security update but something that is anticipated to
prevent data loss, I'm convinced.
skkinput stable 1:2.03-2 alpha
skkinput stable 1:2.03-3.potato.1 arm, i386, m68k, powerpc, sparc
skkinput updates 1:2.03-3.potato.1 alpha
Get versions back in sync
ssh-askpass-nonfree stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc
ssh-askpass-nonfree updates 1.2.27-6.2 alpha, arm, i386, m68k, powerpc, sparc
ssh-nonfree stable 1.2.27-3 m68k
ssh-nonfree stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc
ssh-nonfree updates 1.2.27-6.2 alpha, arm, i386, m68k, powerpc, sparc
ssh-socks stable 1.2.27-3 m68k
ssh-socks stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc
ssh-socks updates 1.2.27-6.2 alpha, arm, i386, m68k, powerpc, sparc
* Urgency high because this addresses a well-known vulnerability which
is being exploited.
* Add security fixes from -7.
* Add build-depends.
* Remove client's setuid bit; people who need it can turn it back on,
and everyone else will be safer.
tkseti stable 2.10-1 arm
tkseti stable 2.12-1 powerpc
tkseti stable 2.12-2 alpha, i386, sparc
tkseti updates 2.12-2 arm, powerpc
Get versions back in sync.
wu-ftpd-academ stable 2.6.0-5.3 all
wu-ftpd-academ updates 2.6.0-6 all
wu-ftpd stable 2.6.0-5.3 alpha, arm, i386, m68k, powerpc, sparc
wu-ftpd updates 2.6.0-6 alpha, arm, i386, m68k, powerpc, sparc
Security upload, DSA 087
xtel stable 3.2.1-4 alpha, arm, i386, m68k, powerpc, sparc
xtel updates 3.2.1-4.potato.1 alpha, arm, i386, m68k, powerpc, sparc
* New maintainer
* Security fixes:
- symlink vulnerability in xteld (see #87787).
- symlink vulnerability in xtel while printing harcopy of screen.
- run xteld under control of tcpd to be able to restrict access to the
service from network.
* Backport of annoying and easy to fix bugs from woody version of xtel:
- Fixed segfaults (see #43566).
- Fixed a little typo in the /etc/xtel/lignes file.
- Fixed creation of the symlink to french doc directory (see #55131).
* Other annoying fixes:
- bad X resource in Xtel[m].ad (missing '-o -' in a2ps printing command).
DSA 090
xxgdb stable 1.12-9.3 alpha, arm, i386, m68k, powerpc, sparc
xxgdb updates 1.12-9.4potato alpha, arm, i386, m68k, powerpc, sparc
* Applied a patch from Massimo Dal Zotto <dz@cs.unitn.it>. This is a
workaround for a serious bug (#94892) in libXaw.
Seems this bug makes xxgdb useless in stable
yabasic stable 2.42-1 arm
yabasic stable 2.53-1 alpha, i386, m68k, powerpc, sparc
yabasic updates 2.53-2 alpha, arm, i386, m68k, powerpc, sparc
* New maintainer.
* yabasic.c: Fixed a /tmp race condition.
* Completed the FHS transition to allow building with a recent
debhelper. Closes: #98875.
No DSA assigned, maintainer, please get in touch with the
Security Team
zip-crypt stable 2.30-1 arm, i386, m68k, powerpc, sparc
zip-crypt updates 2.30-1 alpha
Sync with other architectures
zsh stable 3.1.9.dev6-2 alpha
zsh stable 3.1.9.dev6-7 i386, m68k, powerpc, sparc
zsh stable 3.1.9.dev6-7.0.1 arm
zsh updates 3.1.9.dev6-7 alpha
Get versions more in sync
Further investigation
---------------------
These packages need further investigation. One reason the package is
listed here could be that I'm not yet convinced this package should go
into stable, but don't want to reject it entirely at the moment.
Another reason could be that released and updated architectures are
not in sync yet.
dump stable 0.4b16-1 alpha, arm, i386, m68k, powerpc, sparc
dump updates 0.4b25-0.potato.1 i386, m68k
* back-port dump current version to potato at the request of
Martin Schulze. The 0.4b22 upstream version included
important fixes for data corruption that can occur with the
version that was released with potato.
MISSING alpha
MISSING arm
MISSING powerpc
MISSING sparc
man2html stable 1.5-23 alpha, arm, i386, m68k, powerpc, sparc
man2html updates 1.5-23.1 arm, i386, m68k, powerpc, sparc
* Recompiled with correct CGIBASE to avoid bad links; closes: #104474.
Grave bug, warrants inclusion into stable.
MISSING alpa
nfs-common stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc
nfs-common updates 1:0.1.9.1-1.potato1 i386, m68k, sparc
nfs-kernel-server stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server updates 1:0.1.9.1-1.potato1 i386, m68k, sparc
nhfsstone stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc
nhfsstone updates 1:0.1.9.1-1.potato1 i386, m68k, sparc
Support statd callbacks from later 2.2 kernels. (closes:
#111990)
It seems that this upload fixes a disparity between late 2.2
kernels and the older nfs-utils package from stable in
connection with statd/lockd.
MISSING alpha
MISSING arm
MISSING powerpc
xcin stable 2.3.04-1 arm
xcin stable 2.5.1.3-1 powerpc
xcin stable 2.5.1.99.pre6.1-1 alpha
xcin stable 2.5.2-1 i386, m68k, sparc
xcin updates 2.5.2-1 alpha
Get versions back in sync
Beware: change the distribution to stable only.
MISSING arm
MISSING powerpc
Rejected packages
-----------------
These packages don't meet the requirements.
dvi2ps-fontdata-a2n stable 1.0-5 all
dvi2ps-fontdata-a2n updates 1.0-6 all
dvi2ps-fontdata-bsr stable 1.0-5 all
dvi2ps-fontdata-bsr updates 1.0-6 all
dvi2ps-fontdata-ja stable 1.0-5 all
dvi2ps-fontdata-ja updates 1.0-6 all
dvi2ps-fontdata-n2a stable 1.0-5 all
dvi2ps-fontdata-n2a updates 1.0-6 all
dvi2ps-fontdata-ptexfake stable 1.0-5 all
dvi2ps-fontdata-ptexfake updates 1.0-6 all
dvi2ps-fontdata-rrs stable 1.0-5 all
dvi2ps-fontdata-rrs updates 1.0-6 all
dvi2ps-fontdata-rsp stable 1.0-5 all
dvi2ps-fontdata-rsp updates 1.0-6 all
dvi2ps-fontdata-tbank stable 1.0-5 all
dvi2ps-fontdata-tbank updates 1.0-6 all
dvi2ps-fontdata-three stable 1.0-5 all
dvi2ps-fontdata-three updates 1.0-6 all
Misplaced upload to 'stable unstable'
icecast-server stable 1.0.0-1 alpha, arm, i386, m68k, powerpc, sparc
icecast-server updates 1.3.10-1 alpha, arm, m68k, powerpc, sparc
icecast-server updates 1.3.10-1.1 i386
Alleged security update.
Changelog says:
* Several security exploits found to icecast. No simple way to patch
* old version, so upgrade to latest stable version from icecast.org
* If questions or assistance needed join #icecast on openprojects.net IRC
Do you have a documentation about said security exploits?
That's still pending
Is it something different than this one?
"icecast" is a server used to distribute audio streams to
compatible clients such as winamp, mpg123, xmms and many
others. Matt Messier (mmessier@prilnari.com) and John Viega
(viega@list.org) have identified several buffer overflow and
format strings problems in Icecast that could be remotely
exploited.
Our latest update to this software changes the package to use
an unprivileged user ("icecast") for the daemon, so the impact
of this vulnerability is not as high. Recent distributions (CL
>= 5.1) have this package compiled with StackGuard to make it
more difficult to exploit buffer overflows.
It's said to be.
Clarification appreciated.
To make it worse, there is now Version: 1.3.10-1.1
* Binary-only recompile by security team
* Rebuild with potato libc6
roxen-doc stable 1.3.122-13 all
roxen-doc updates 1.3.122-22 all
roxen-ssl stable 1.3.122-13 all
roxen-ssl updates 1.3.122-22 all
roxen stable 1.3.122-11 arm
roxen stable 1.3.122-13 alpha, i386, m68k, sparc
roxen updates 1.3.122-22 i386
Misplaced upload:
Distribution: stable unstable
* Dropping the 'task-webserver-roxen2' package...
* Updating config.{sub|guess} Closes: #111546
samba-common stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc
samba-common updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc
samba stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc
samba updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc
smbclient stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc
smbclient updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc
smbfs stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc
smbfs updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc
swat stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc
swat updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc
ChangeLog says:
* Permanently fix problem with NMU's being built against incorrect
kernel
interfaces (closes: #94380, #95015, #102226)
* add uploaders: header to control file
This upload most probably fixes the problem with the old alpha
version not being able to run properly due to a bad build
environment. This problem may be solved by a general
change... may be... Steve Langasek should speak up...
He said:
Samba upstream takes advantage of the best system facilities
(libc/kernel) available at compile time. Because Debian
releases usually include a baseline kernel and an
'experimental' kernel, Eloy and I have introduced packaging
code in unstable that prevents Samba from detecting facilities
that it should not be compiled against. The 2.0.7-4 upload
backports these packaging mods to potato, both correcting the
problems with past alpha security NMUs and safeguarding
against the possibility of future problems with security NMUs
in potato.
Rejecting on behalf of the maintainer, see Bug#127444:
Upgrading from samba 2.0.7-3.4 to 2.0.7-4 broke printing (from
windows clients) on our misc server [..]
Disclaimer
----------
This list intends to help the ftp-masters releasing 2.2r5. They have the
final power to accept a package or not. If you want to comment on
this list, please send a mail to Martin Schulze <joey@debian.org>.
--
The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin
Please always Cc to me when replying to me on the lists.