Preparation of Debian GNU/Linux 2.2r6 ===================================== An up-to-date version is at http://master.debian.org/~joey/2.2r6/ I am preparing another revision of the stable Debian distribution (r6) and will infrequently send reports so people can actually comment on it and intervene whenever this is required. The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out at the beginning of April this year (2002) -- some code rewrite is required though. James Troup still has to give the final approval for each package since he is the ftpmaster involved with stable revisions. However, I will try to make his work as easy as possible in the hope to get the next revision out properly. Thanks for your attention. This may also be the last version of the 2.2 series, depending on how well the woody release is making progress. There is, however, still a possibility another update (r7, to be scheduled at the beginning of June) has to be released before Debian 3.0. My requirements for packages to go into stable: 1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful. I really should make this a requirement for security uploads. 2. The package fixes a critical bug which can lead into data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore). 3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts. 4. All released architectures have to be in sync. Packages, which I will most probably reject: . Package which fix non-critical bugs. . Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or `frozen unstable'. . Packages for which its binary packages are out of sync with regard to all supported architectures in the stable distribution. . Binary packages for which the source got lost somehow. Accepted packages ----------------- These packages should be installed into stable and be part of the next revision. libace-doc stable 5.0.7-4 all libace5.0-dev stable 5.0.7-2 alpha libace5.0-dev stable 5.0.7-4 arm, i386, m68k, powerpc, sparc libace5.0-dev updates 5.0.7-4 alpha libace5.0 stable 5.0.7-2 alpha libace5.0 stable 5.0.7-4 arm, i386, m68k, powerpc, sparc libace5.0 updates 5.0.7-4 alpha Get Alpha version back in sync adjtimex stable 1.10-1 alpha, i386 adjtimex stable 1.5-1 sparc adjtimex stable 1.5-3 powerpc adjtimex stable 1.7-1 arm adjtimex stable 1.8.1-1 m68k adjtimex updates 1.10-1 arm, m68k, powerpc, sparc Get versions in sync, apart from that: * New upstream release - security fix: use popen() to recover output from ntpdate, instead of an unsafe temporary file (thanks to Colin Phipps <crp22@cam.ac.uk>) (closes:bug#56752) at stable 3.1.8-10 alpha, arm, i386, m68k, powerpc, sparc at updates 3.1.8-10.2 alpha, arm, i386, m68k, powerpc, sparc Security Upload, DSA 102 cfs stable 1.3.3-8 alpha, arm, i386, m68k, powerpc, sparc, source cfs updates 1.3.3-8.1 alpha, arm, i386, m68k, powerpc, sparc, source Security Upload, DSA 116 * bug: buffer overflows in cfsd server daemon code: cvs_adm.c, cvs_fh.c (thx Zorgon for pointing at this). Some careless strcpy()'s in the server code caused cfsd to die with segfault when attaching crypto directories with long pathnames and on filehandle operations in attached crypto directories with long pathnames, see bug #135903 for details (closes: #135903). cupsys-bsd stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc cupsys-bsd updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc cupsys stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc, source cupsys updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc, source libcupsys1-dev stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc libcupsys1-dev updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc libcupsys1 stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc libcupsys1 updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc -10: Security upload: DSA 110, Buffer overflow -11: More security fixes: more complete patch for attribute buffer handling and a more correct path validation check to prevent ".." attacks. -12: Remove lpd backend for security reasons. cvs-doc stable 1.10.7-7 all cvs-doc updates 1.10.7-9 all cvs stable 1.10.7-7 alpha, arm, i386, m68k, powerpc, sparc, source cvs updates 1.10.7-9 alpha, arm, i386, m68k, powerpc, sparc, source * Add fix for possible security hole i diff, thanks to Niels Heinen for pointing it out, and Larry Jones for the patch. DSA 117 - improper variable initialization dump stable 0.4b16-1 alpha, arm, i386, m68k, powerpc, sparc dump updates 0.4b25-0.potato.1 alpha, arm, i386, m68k, powerpc, sparc * back-port dump current version to potato at the request of Martin Schulze. The 0.4b22 upstream version included important fixes for data corruption that can occur with the version that was released with potato. everybuddy stable 0.0.7-3 alpha, arm, i386, m68k, powerpc, sparc, source The current maintainer, Michael D. Ivey, told me that the potato version is so out-dated that it doesn't work with any current protocol, thus is completely useless. There may even be security implications, that are dubious. The current maintainer has agreed to remove the package from stable. faqomatic stable 2.603-1.1 all faqomatic updates 2.603-1.2 all Security upload, DSA 109, cross-site scripting vulnerability fml stable 3.0+beta.20000106-1 all fml updates 3.0+beta.20000106-5 all DSA 088, improper character escaping gcc stable 1:2.95.2-13 alpha, i386, powerpc, sparc gcc stable 1:2.95.2-13.1 arm, m68k gcc updates 1:2.95.2-13.1 alpha, i386, powerpc, sparc Changelog says: * Non-maintainer upload * Add new patch for ARM (closes #75801) Clarification required. Doko queried. He approved, the patch is conditionalized so gets only applied on ARM. glibc-doc stable 2.1.3-19 all glibc-doc updates 2.1.3-20 all i18ndata stable 2.1.3-19 all i18ndata updates 2.1.3-20 all libc6-dbg stable 2.1.3-19 arm, i386, m68k, powerpc, sparc libc6-dbg updates 2.1.3-20 arm, i386, m68k, powerpc, sparc libc6-dev stable 2.1.3-19 arm, i386, m68k, powerpc, sparc libc6-dev updates 2.1.3-20 arm, i386, m68k, powerpc, sparc libc6-pic stable 2.1.3-19 arm, i386, m68k, powerpc, sparc libc6-pic updates 2.1.3-20 arm, i386, m68k, powerpc, sparc libc6-prof stable 2.1.3-19 arm, i386, m68k, powerpc, sparc libc6-prof updates 2.1.3-20 arm, i386, m68k, powerpc, sparc libc6.1-dbg stable 2.1.3-19 alpha libc6.1-dbg updates 2.1.3-20 alpha libc6.1-dev stable 2.1.3-19 alpha libc6.1-dev updates 2.1.3-20 alpha libc6.1-pic stable 2.1.3-19 alpha libc6.1-pic updates 2.1.3-20 alpha libc6.1-prof stable 2.1.3-19 alpha libc6.1-prof updates 2.1.3-20 alpha libc6.1 stable 2.1.3-19 alpha libc6.1 updates 2.1.3-20 alpha libc6 stable 2.1.3-19 arm, i386, m68k, powerpc, sparc libc6 updates 2.1.3-20 arm, i386, m68k, powerpc, sparc locales stable 2.1.3-19 alpha, arm, i386, m68k, powerpc, sparc locales updates 2.1.3-20 alpha, arm, i386, m68k, powerpc, sparc nscd stable 2.1.3-19 alpha, arm, i386, m68k, powerpc, sparc nscd updates 2.1.3-20 alpha, arm, i386, m68k, powerpc, sparc Glob security patch. DSA 103 gnujsp stable 1.0.0-4 all, source gnujsp updates 1.0.0-5 all, source Security fix for disclosure of directory contents and script sources DSA 114 gzip stable 1.2.4-33 alpha, arm, i386, m68k, powerpc, sparc, source gzip updates 1.2.4-33.1 alpha, arm, i386, m68k, powerpc, sparc, source DSA 100 - Buffer overflow hanterm stable 1:3.3.1p17-5.1 alpha, arm, i386, m68k, powerpc, sparc, source hanterm updates 1:3.3.1p17-5.2 alpha, arm, i386, m68k, powerpc, sparc, source DSA 112 icecast-server stable 1.0.0-1 alpha, arm, i386, m68k, powerpc, sparc icecast-server updates 1.3.10-1 alpha, arm, m68k, powerpc, sparc icecast-server updates 1.3.10-1.1 i386 DSA 089 jgroff stable 1.15+ja-3.2 alpha, arm, i386, m68k, powerpc, sparc jgroff updates 1.15+ja-3.4 alpha, arm, i386, m68k, powerpc, sparc DSA 107 kernel-doc-2.2.19 stable 2.2.19.1-2 all kernel-doc-2.2.19 updates 2.2.19.1-4 all kernel-headers-2.2.19-compact stable 2.2.19-4potato.5 i386 kernel-headers-2.2.19-compact updates 2.2.19-4potato.7 i386 kernel-headers-2.2.19-idepci stable 2.2.19-4potato.5 i386 kernel-headers-2.2.19-idepci updates 2.2.19-4potato.7 i386 kernel-headers-2.2.19-ide stable 2.2.19-4potato.5 i386 kernel-headers-2.2.19-ide updates 2.2.19-4potato.7 i386 kernel-headers-2.2.19 stable 2.2.19-1potato.3 alpha kernel-headers-2.2.19 stable 2.2.19-2 m68k kernel-headers-2.2.19 stable 2.2.19-2.0potato1 powerpc kernel-headers-2.2.19 stable 2.2.19-4potato.5 i386 kernel-headers-2.2.19 updates 2.2.19-1potato.5 alpha kernel-headers-2.2.19 updates 2.2.19-2.0potato2 powerpc kernel-headers-2.2.19 updates 2.2.19-4potato.7 i386 kernel-image-2.2.19-chrp stable 2.2.19-2.0potato1 powerpc kernel-image-2.2.19-chrp updates 2.2.19-2.0potato2 powerpc kernel-image-2.2.19-compact stable 2.2.19-4potato.5 i386 kernel-image-2.2.19-compact updates 2.2.19-4potato.7 i386 kernel-image-2.2.19-generic stable 2.2.19-1potato.3 alpha kernel-image-2.2.19-generic updates 2.2.19-1potato.5 alpha kernel-image-2.2.19-idepci stable 2.2.19-4potato.5 i386 kernel-image-2.2.19-idepci updates 2.2.19-4potato.7 i386 kernel-image-2.2.19-ide stable 2.2.19-4potato.5 i386 kernel-image-2.2.19-ide updates 2.2.19-4potato.7 i386 kernel-image-2.2.19-jensen stable 2.2.19-1potato.3 alpha kernel-image-2.2.19-jensen updates 2.2.19-1potato.5 alpha kernel-image-2.2.19-nautilus stable 2.2.19-1potato.3 alpha kernel-image-2.2.19-nautilus updates 2.2.19-1potato.5 alpha kernel-image-2.2.19-pmac stable 2.2.19-2.0potato1 powerpc kernel-image-2.2.19-pmac updates 2.2.19-2.0potato2 powerpc kernel-image-2.2.19-prep stable 2.2.19-2.0potato1 powerpc kernel-image-2.2.19-prep updates 2.2.19-2.0potato2 powerpc kernel-image-2.2.19-smp stable 2.2.19-1potato.3 alpha kernel-image-2.2.19-smp updates 2.2.19-1potato.5 alpha kernel-image-2.2.19 stable 2.2.19-4potato.5 i386 kernel-image-2.2.19 updates 2.2.19-4potato.7 i386 kernel-patch-2.2.19-powerpc stable 2.2.19-2.0potato1 all, source kernel-patch-2.2.19-powerpc updates 2.2.19-2.0potato2 all, source kernel-source-2.2.19 stable 2.2.19.1-2 all, source kernel-source-2.2.19 updates 2.2.19.1-4 all, source Security Update (following up to DSA 122) kernel-source 2.2.19.1-3: Fixed double free in drivers/net/zlib.c kernel-source 2.2.19.1-4: Fixed remaining double free in drivers/net/zlib.c kernel-image-2.2.19-alpha_2.2.19-1potato.5: built against 2.2.19.1-4 kernel-image-2.2.19-i386_2.2.19-4potato.7: built against 2.2.19.1-4 kernel-patch-2.2.19-powerpc_2.2.19-2.0potato2: built against 2.2.19.1-4 MISSING m68k: elmo -u -e -a source -v 2.2.19.1-4 kernel-source-2.2.19 listar-cgi stable 0.129a-2 alpha, arm, i386, m68k, powerpc, sparc listar-cgi updates 0.129a-2.potato1 alpha, arm, i386, m68k, powerpc, sparc listar stable 0.129a-2 alpha, arm, i386, m68k, powerpc, sparc, source listar updates 0.129a-2.potato1 alpha, arm, i386, m68k, powerpc, sparc, source DSA 123 - Remote exploit maildrop stable 0.75-2 alpha maildrop stable 0.75-2.1 arm, i386, m68k, powerpc, sparc, source maildrop updates 0.75-2.1 alpha Get versions back in sync man2html stable 1.5-23 alpha, arm, i386, m68k, powerpc, sparc man2html updates 1.5-23.1 alpha, arm, i386, m68k, powerpc, sparc * Recompiled with correct CGIBASE to avoid bad links; closes: #104474. Grave bug, warrants inclusion into stable. masqmail stable 0.0.12-2 alpha masqmail stable 0.0.12-3 arm, i386, m68k, powerpc, sparc, source masqmail updates 0.0.12-3 alpha Get versions back in sync libmhash1 stable 0.6.1-1 alpha, i386, m68k, powerpc, sparc libmhash1 updates 0.6.1-1 arm mhash stable 0.6.1-1 source Get versions back in sync apache-ssl stable 1.3.9.13-2 alpha, arm, i386, m68k, powerpc, sparc, source apache-ssl updates 1.3.9.13-4 alpha, arm, i386, m68k, powerpc, sparc, source libapache-mod-ssl-doc stable 2.4.10-1.3.9-1 all libapache-mod-ssl-doc updates 2.4.10-1.3.9-1potato1 all libapache-mod-ssl stable 2.4.10-1.3.9-1 alpha, arm, i386, m68k, powerpc, sparc, source libapache-mod-ssl updates 2.4.10-1.3.9-1potato1 alpha, arm, i386, m68k, powerpc, sparc, source DSA 120 - Buffer overflow in mod_ssl and apache-ssl mtr stable 0.41-5 alpha, arm, i386, m68k, powerpc, sparc, source mtr updates 0.41-6 alpha, arm, i386, m68k, powerpc, sparc, source DSA 124 - buffer overflow libncurses5-dbg stable 5.0-6.0potato1 alpha, arm, i386, m68k, powerpc, sparc libncurses5-dbg updates 5.0-6.0potato2 alpha, arm, i386, m68k, powerpc, sparc libncurses5-dev stable 5.0-6.0potato1 alpha, arm, i386, m68k, powerpc, sparc libncurses5-dev updates 5.0-6.0potato2 alpha, arm, i386, m68k, powerpc, sparc libncurses5 stable 5.0-6.0potato1 alpha, arm, i386, m68k, powerpc, sparc libncurses5 updates 5.0-6.0potato2 alpha, arm, i386, m68k, powerpc, sparc ncurses-base stable 5.0-6.0potato1 all ncurses-base updates 5.0-6.0potato2 all ncurses-bin stable 5.0-6.0potato1 alpha, arm, i386, m68k, powerpc, sparc ncurses-bin updates 5.0-6.0potato2 alpha, arm, i386, m68k, powerpc, sparc ncurses-term stable 5.0-6.0potato1 all ncurses-term updates 5.0-6.0potato2 all DSA 113 Security upload, fixing a buffer overflow I missed in the original pass through the code (Closes: #118002). libncurses4-dev stable 4.2-9 alpha, arm, i386, m68k, sparc libncurses4-dev updates 4.2-9 powerpc libncurses4 stable 4.2-6 powerpc libncurses4 stable 4.2-9 alpha, arm, i386, m68k, sparc libncurses4 updates 4.2-9 powerpc It's all Heidi's fault. It'll get the version in potato in sync at least. libnasl0-dev stable 0.99.2-1 alpha libnasl0-dev stable 0.99.4-1 i386, m68k, powerpc, sparc libnasl0-dev updates 0.99.4-1 alpha libnasl0 stable 0.99.2-1 alpha libnasl0 stable 0.99.4-1 i386, m68k, powerpc, sparc libnasl0 updates 0.99.4-1 alpha libnessus0-dev stable 0.99.2-1 alpha libnessus0-dev stable 0.99.4-1 i386, m68k, powerpc, sparc libnessus0-dev updates 0.99.4-1 alpha libnessus0 stable 0.99.2-1 alpha libnessus0 stable 0.99.4-1 i386, m68k, powerpc, sparc libnessus0 updates 0.99.4-1 alpha nessus-plugins stable 0.99.2-1 alpha nessus-plugins stable 0.99.4-1 i386, m68k, powerpc, sparc, source nessus-plugins updates 0.99.4-1 alpha Get Alpha version of nessus/libnasl back in sync netkit-ntalk stable 0.10-8 source talkd stable 0.10-7 alpha talkd stable 0.10-8 arm, i386, m68k, powerpc, sparc talkd updates 0.10-8 alpha talk stable 0.10-7 alpha talk stable 0.10-8 arm, i386, m68k, powerpc, sparc talk updates 0.10-8 alpha Get Alpha version back in sync nfs-common stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc nfs-common updates 1:0.1.9.1-1.potato1 alpha, arm, i386, m68k, powerpc, sparc nfs-kernel-server stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc nfs-kernel-server updates 1:0.1.9.1-1.potato1 alpha, arm, i386, m68k, powerpc, sparc nhfsstone stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc nhfsstone updates 1:0.1.9.1-1.potato1 alpha, arm, i386, m68k, powerpc, sparc Support statd callbacks from later 2.2 kernels. (Bug#111990) It seems that this upload fixes a disparity between late 2.2 kernels and the older nfs-utils package from stable in connection with statd/lockd. Problem seems to exist for non-Linux clients at least. pcmcia-modules-2.2.19-compact stable 3.1.22-0.2potatok4potato.5 i386 pcmcia-modules-2.2.19-compact updates 3.1.22-0.2potatok4potato.7 i386 pcmcia-modules-2.2.19-idepci stable 3.1.22-0.2potatok4potato.5 i386 pcmcia-modules-2.2.19-idepci updates 3.1.22-0.2potatok4potato.7 i386 pcmcia-modules-2.2.19-ide stable 3.1.22-0.2potatok4potato.5 i386 pcmcia-modules-2.2.19-ide updates 3.1.22-0.2potatok4potato.7 i386 pcmcia-modules-2.2.19-pmac stable 3.1.22-0.2potatok2.0potato1 powerpc pcmcia-modules-2.2.19-pmac updates 3.1.22-0.2potatok2.0potato2 powerpc pcmcia-modules-2.2.19 stable 3.1.22-0.2potatok4potato.5 i386 pcmcia-modules-2.2.19 updates 3.1.22-0.2potatok4potato.7 i386 These packages seem to update pcmcia-cs for current kernel images. Why no different changelog entry? Herbert Xu: Because of the way pcmcia-cs is arranged. The same pcmcia source is used to compile against arbitrary kernel module packages. Why for that ancient kernel source instead of the newly uploaded kernel-source 2.2.19.1-4? Herbert Xu: The changelog entry is for pcmcia-cs, not the module. The version number can be deduced from the deb itself. Do a dpkg -I on it and check the Depends field. php3-cgi-gd stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-gd updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-imap stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-imap updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-ldap stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-ldap updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-magick stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-magick updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-mhash stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-mhash updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-mysql stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-mysql updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-pgsql stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-pgsql updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-snmp stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-snmp updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-xml stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi-xml updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-cgi updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-dev stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-dev updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-gd stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-gd updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-imap stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-imap updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-ldap stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-ldap updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-magick stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-magick updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-mhash stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-mhash updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-mysql stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-mysql updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-pgsql stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-pgsql updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-snmp stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-snmp updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3-xml stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc php3-xml updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc php3 stable 3:3.0.18-0potato1 alpha, arm, i386, m68k, powerpc, sparc, source php3 updates 3:3.0.18-0potato1.1 alpha, arm, i386, m68k, powerpc, sparc, source php4-cgi-gd stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-gd updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-imap stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-imap updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-ldap stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-ldap updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-mhash stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-mhash updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-mysql stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-mysql updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-pgsql stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-pgsql updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-snmp stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-snmp updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi-xml stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-xml updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-cgi stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-dev stable 4.0.3pl1-0potato2 all php4-dev updates 4.0.3pl1-0potato3 all php4-gd stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-gd updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-imap stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-imap updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-ldap stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-ldap updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-mhash stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-mhash updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-mysql stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-mysql updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-pgsql stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-pgsql updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-snmp stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-snmp updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4-xml stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-xml updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc php4 stable 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc, source php4 updates 4.0.3pl1-0potato3 alpha, i386, m68k, powerpc, sparc, source DSA 115 - Broken boundary check and more pine396-diffs stable 5 all pine396-src stable 3 all pine4-diffs stable 2 all pine4-src stable 1 all These PINE packages contain security problems and the maintainer agrees that it would be best to remove them from the stable directory entirely. People who still want to use PINE should check the pine-tracker package. pine: Bad url handling exploit remove pine remove pine396-diffs remove pine396-src remove pine4 remove pine4-diffs remove pine4-src samba-common stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc samba-common updates 2.0.7-5 alpha, arm, i386, m68k, powerpc, sparc samba-doc stable 2.0.7-3.4 all samba-doc updates 2.0.7-5 all samba stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc samba updates 2.0.7-5 alpha, arm, i386, m68k, powerpc, sparc smbclient stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc smbclient updates 2.0.7-5 alpha, arm, i386, m68k, powerpc, sparc smbfs stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc smbfs updates 2.0.7-5 alpha, arm, i386, m68k, powerpc, sparc swat stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc swat updates 2.0.7-5 alpha, arm, i386, m68k, powerpc, sparc ChangeLog says: * Permanently fix problem with NMU's being built against incorrect kernel interfaces (closes: #94380, #95015, #102226) * add uploaders: header to control file This upload most probably fixes the problem with the old alpha version not being able to run properly due to a bad build environment. This problem may be solved by a general change... may be... Steve Langasek should speak up... He said: Samba upstream takes advantage of the best system facilities (libc/kernel) available at compile time. Because Debian releases usually include a baseline kernel and an 'experimental' kernel, Eloy and I have introduced packaging code in unstable that prevents Samba from detecting facilities that it should not be compiled against. The 2.0.7-4 upload backports these packaging mods to potato, both correcting the problems with past alpha security NMUs and safeguarding against the possibility of future problems with security NMUs in potato. New Changelog says (2.0.7-5): * Add Build-Depends line; the previous upload was missing potentially important library linkage on some architectures. * Fix debian/rules to use xxx-linux instead of xxx-linux-gnu; config.sub doesn't grok the latter, causing printing to break (closes: #127444) According to Steve Langasek this version is fine and suited for stable. sendmail-wide stable 8.9.3+3.2W-20 alpha sendmail-wide stable 8.9.3+3.2W-23 i386, m68k, powerpc, sparc, source sendmail-wide updates 8.9.3+3.2W-23 alpha Get alpha version back in sync squid-cgi stable 2.2.5-3.2 alpha, arm, i386, m68k, powerpc, sparc squid-cgi updates 2.2.5-4 alpha, arm, i386, m68k, powerpc, sparc squidclient stable 2.2.5-3.2 alpha, arm, i386, m68k, powerpc, sparc squidclient updates 2.2.5-4 alpha, arm, i386, m68k, powerpc, sparc squid stable 2.2.5-3.2 alpha, arm, i386, m68k, powerpc, sparc, source squid updates 2.2.5-4 alpha, arm, i386, m68k, powerpc, sparc, source Upload to address the problems as identified in the 2.4 series. o ftp://user@pass overflow: not vulnerable o HTCP cannot be turned off if compiled in: not vulnerable, the Debian package has had the "turn off HTCP" patch for ages o SNMP memory leak potential DOS: applied patch for squid 2.4.STABLE3 sudo stable 1.6.2p2-2 alpha, arm, i386, m68k, powerpc, sparc sudo updates 1.6.2p2-2.1 alpha, arm, i386, m68k, powerpc, sparc Security Upload, DSA 101 tkseti stable 2.12-2 alpha, arm, i386, powerpc, sparc, source tkseti updates 2.12-2 m68k Get m68k version back in sync libsnmp4.1-dev stable 4.1.1-2 alpha, arm, i386, m68k, powerpc, sparc libsnmp4.1-dev updates 4.1.1-2.2 alpha, arm, i386, m68k, powerpc, sparc libsnmp4.1 stable 4.1.1-2 alpha, arm, i386, m68k, powerpc, sparc libsnmp4.1 updates 4.1.1-2.2 alpha, arm, i386, m68k, powerpc, sparc snmpd stable 4.1.1-2 alpha, arm, i386, m68k, powerpc, sparc snmpd updates 4.1.1-2.2 alpha, arm, i386, m68k, powerpc, sparc snmp stable 4.1.1-2 alpha, arm, i386, m68k, powerpc, sparc snmp updates 4.1.1-2.2 alpha, arm, i386, m68k, powerpc, sparc ucd-snmp stable 4.1.1-2 source ucd-snmp updates 4.1.1-2.2 source DSA 111 - Multiple vulnerabilities uucp stable 1.06.1-11potato1 alpha, arm, i386, m68k, powerpc, sparc uucp updates 1.06.1-11potato2 alpha, arm, i386, m68k, powerpc, sparc Security Upload, DSA 079-2, uucp uid/gid access wmtv stable 0.6.5-2 alpha, arm, i386, m68k, powerpc wmtv stable 0.6.5-2.0.1 sparc wmtv updates 0.6.5-2potato2 alpha, arm, i386, m68k, powerpc, sparc Security Upload, DSA 108, symlink vulnerability xchat-common stable 1.4.3-0.1 all xchat-common updates 1.4.3-1 all xchat-gnome stable 1.4.3-0.1 arm, i386, m68k, powerpc, sparc xchat-gnome stable 1.4.3-0.1.1 alpha xchat-gnome updates 1.4.3-1 alpha, arm, i386, m68k, powerpc, sparc xchat-text stable 1.4.3-0.1 arm, i386, m68k, powerpc, sparc xchat-text stable 1.4.3-0.1.1 alpha xchat-text updates 1.4.3-1 alpha, arm, i386, m68k, powerpc, sparc xchat stable 1.4.3-0.1 arm, i386, m68k, powerpc, sparc xchat stable 1.4.3-0.1.1 alpha xchat updates 1.4.3-1 alpha, arm, i386, m68k, powerpc, sparc * Fixed "Xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability", (http://www.securityfocus.com/archive/1/249113); patch provided by upstream author, Peter Zelezny <zed@linux.com>. DSA 099 xcin stable 2.3.04-1 arm xcin stable 2.5.1.3-1 powerpc xcin stable 2.5.1.99.pre6.1-1 alpha xcin stable 2.5.2-1 i386, m68k, sparc xcin updates 2.5.2-1 alpha, arm, powerpc Get versions back in sync xmysqladmin stable 1.0-5 m68k xmysqladmin stable 1.0-7 alpha, i386, powerpc, source xmysqladmin updates 1.0-7 m68k Get m68k version back in sync xsane stable 0.50-5 alpha, arm, i386, m68k, powerpc, sparc, source xsane updates 0.50-5.1 alpha, arm, i386, m68k, powerpc, sparc, source DSA 118 - insecure temporary files zmailer-ssl stable 2.99.50.s19-2 alpha zmailer-ssl stable 2.99.51.52pre3-2 arm, i386, m68k, powerpc, sparc, source zmailer-ssl updates 2.99.51.52pre3-2 alpha Get Alpha version back in sync Further investigation --------------------- These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet. eruby stable 0.0.4-1.0 m68k eruby stable 0.0.4-1.2 alpha eruby stable 0.0.9-1potato1 arm, i386, powerpc, sparc, source eruby updates 0.0.9-1potato1 alpha MISSING m68k libnss-ldap stable 110-2 alpha, powerpc libnss-ldap stable 122-1 arm, i386, m68k, sparc, source libnss-ldap updates 122-1 alpha Get Alpha version back in sync MISSING powerpc photopc stable 2.1-1 powerpc photopc stable 2.8-3 arm photopc stable 3.02-2 alpha, i386, sparc, source photopc updates 3.02-2 powerpc Get versions in sync. MISSING arm unixcw stable 1.1a-2 arm unixcw stable 1.1a-5 alpha, i386, source unixcw updates 1.1a-5 powerpc, sparc Get package in sync through all architectures. MISSING arm xtell stable 1.91 alpha, arm, i386, m68k, powerpc, sparc, source xtell updates 1.91.1 alpha, arm, powerpc, sparc xtell updates 1.91.2 i386, m68k, source DSA 121 - several vulnerabilities A couple of arch's missing for .2, but uploaded already Rejected packages ----------------- These packages don't meet the requirements. dvi2ps-fontdata-a2n stable 1.0-5 all dvi2ps-fontdata-a2n updates 1.0-7 all dvi2ps-fontdata-bsr stable 1.0-5 all dvi2ps-fontdata-bsr updates 1.0-7 all dvi2ps-fontdata-ja stable 1.0-5 all dvi2ps-fontdata-ja updates 1.0-7 all dvi2ps-fontdata-n2a stable 1.0-5 all dvi2ps-fontdata-n2a updates 1.0-7 all dvi2ps-fontdata-ptexfake stable 1.0-5 all dvi2ps-fontdata-ptexfake updates 1.0-7 all dvi2ps-fontdata-rrs stable 1.0-5 all dvi2ps-fontdata-rrs updates 1.0-7 all dvi2ps-fontdata-rsp stable 1.0-5 all dvi2ps-fontdata-rsp updates 1.0-7 all dvi2ps-fontdata-tbank stable 1.0-5 all dvi2ps-fontdata-tbank updates 1.0-7 all dvi2ps-fontdata-three stable 1.0-5 all dvi2ps-fontdata-three updates 1.0-7 all Misplaced upload to 'stable unstable' efingerd stable 1.3 alpha, arm, i386, m68k, powerpc, sparc, source efingerd updates 1.3.2 alpha, arm, i386, m68k, powerpc, sparc, source Alleged security update, .1 and .2 are broken, though. Joey is discussion the issue with the maintainer. jtex-base stable 1.8-6 all, source jtex-base updates 1.8-7 all, source Misplaced upload, stable+unstable rsync stable 2.3.2-1.2 alpha, arm, i386, m68k, powerpc, sparc rsync updates 2.3.2-1.3 alpha, arm, i386, m68k, powerpc, sparc DSA 106 Broken packages, hence rejecting Disclaimer ---------- This list intends to help the ftp-masters releasing 2.2r6. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>. -- Life is too short to run proprietary software. -- Bdale Garbee
Attachment:
pgps1GJ3cRbKA.pgp
Description: PGP signature