Preparation of Debian GNU/Linux 2.2r6

An up-to-date version is at http://master.debian.org/~joey/2.2r6/

I am preparing another revision of the stable Debian distribution (r6) and will infrequently send reports so people can actually comment on it and intervene whenever this is required.

The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out at the beginning of April this year (2002) -- some code rewrite is required though. James Troup still has to give the final approval for each package since he is the ftpmaster involved with stable revisions. However, I will try to make his work as easy as possible in the hope to get the next revision out properly. Thanks for your attention.

This may also be the last version of the 2.2 series, depending on how well the woody release is making progress. There is, however, still a possibility another update (r7, to be scheduled at the beginning of June) has to be released before Debian 3.0.

My requirements for packages to go into stable:

1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful. I really should make this a requirement for security uploads.

2. The package fixes a critical bug which can lead into data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore).

3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts.

4. All released architectures have to be in sync.

Packages, which I will most probably reject:

. Package which fix non-critical bugs.

. Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or `frozen unstable'.

. Packages for which its binary packages are out of sync with regard to all supported architectures in the stable distribution.

. Binary packages for which the source got lost somehow.

Accepted packages

These packages should be installed into stable and be part of the next revision.

libace-doc	stable	5.0.7-4	all
libace5.0-dev	stable	5.0.7-2	alpha
libace5.0-dev	stable	5.0.7-4	arm, i386, m68k, powerpc, sparc
libace5.0-dev	updates	5.0.7-4	alpha
libace5.0	stable	5.0.7-2	alpha
libace5.0	stable	5.0.7-4	arm, i386, m68k, powerpc, sparc
libace5.0	updates	5.0.7-4	alpha
Get Alpha version back in sync

adjtimex	stable	1.10-1	alpha, i386
adjtimex	stable	1.5-1	sparc
adjtimex	stable	1.5-3	powerpc
adjtimex	stable	1.7-1	arm
adjtimex	stable	1.8.1-1	m68k
adjtimex	updates	1.10-1	arm, m68k, powerpc, sparc
Get versions in sync, apart from that: * New upstream release - security fix: use popen() to recover output from ntpdate, instead of an unsafe temporary file (thanks to Colin Phipps <crp22@cam.ac.uk>) (closes:bug#56752)

analog	stable	1:4.01-1potato1	alpha, arm, i386, m68k, powerpc, sparc, source
analog	updates	2:5.22-0potato3	alpha, arm, i386, m68k, powerpc, sparc, source
Security Update: DSA 125

at	stable	3.1.8-10	alpha, arm, i386, m68k, powerpc, sparc
at	updates	3.1.8-10.2	alpha, arm, i386, m68k, powerpc, sparc
Security Upload, DSA 102

cfs

stable

1.3.3-8

alpha, arm, i386, m68k, powerpc, sparc, source

cfs

updates

1.3.3-8.1

alpha, arm, i386, m68k, powerpc, sparc, source

Security Upload, DSA 116

* bug: buffer overflows in cfsd server daemon code: cvs_adm.c, cvs_fh.c (thx Zorgon for pointing at this). Some careless strcpy()'s in the server code caused cfsd to die with segfault when attaching crypto directories with long pathnames and on filehandle operations in attached crypto directories with long pathnames, see bug #135903 for details (closes: #135903).

cupsys-bsd	stable	1.0.4-9	alpha, arm, i386, m68k, powerpc, sparc
cupsys-bsd	updates	1.0.4-12	alpha, arm, i386, m68k, powerpc, sparc
cupsys	stable	1.0.4-9	alpha, arm, i386, m68k, powerpc, sparc, source
cupsys	updates	1.0.4-12	alpha, arm, i386, m68k, powerpc, sparc, source
libcupsys1-dev	stable	1.0.4-9	alpha, arm, i386, m68k, powerpc, sparc
libcupsys1-dev	updates	1.0.4-12	alpha, arm, i386, m68k, powerpc, sparc
libcupsys1	stable	1.0.4-9	alpha, arm, i386, m68k, powerpc, sparc
libcupsys1	updates	1.0.4-12	alpha, arm, i386, m68k, powerpc, sparc
-10: Security upload: DSA 110, Buffer overflow -11: More security fixes: more complete patch for attribute buffer handling and a more correct path validation check to prevent ".." attacks. -12: Remove lpd backend for security reasons.

cvs-doc	stable	1.10.7-7	all
cvs-doc	updates	1.10.7-9	all
cvs	stable	1.10.7-7	alpha, arm, i386, m68k, powerpc, sparc, source
cvs	updates	1.10.7-9	alpha, arm, i386, m68k, powerpc, sparc, source
* Add fix for possible security hole i diff, thanks to Niels Heinen for pointing it out, and Larry Jones for the patch. DSA 117 - improper variable initialization

dump

stable

0.4b16-1

alpha, arm, i386, m68k, powerpc, sparc

dump

updates

0.4b25-0.potato.1

alpha, arm, i386, m68k, powerpc, sparc

* back-port dump current version to potato at the request of Martin Schulze. The 0.4b22 upstream version included important fixes for data corruption that can occur with the version that was released with potato.

eruby	stable	0.0.4-1.0	m68k
eruby	stable	0.0.4-1.2	alpha
eruby	stable	0.0.9-1potato1	arm, i386, powerpc, sparc, source
eruby	updates	0.0.9-1potato1	alpha, m68k
Get versions back in sync

everybuddy	stable	0.0.7-3	alpha, arm, i386, m68k, powerpc, sparc, source
The current maintainer, Michael D. Ivey, told me that the potato version is so out-dated that it doesn't work with any current protocol, thus is completely useless. There may even be security implications, that are dubious. The current maintainer has agreed to remove the package from stable.

faqomatic	stable	2.603-1.1	all
faqomatic	updates	2.603-1.2	all
Security upload, DSA 109, cross-site scripting vulnerability

fml	stable	3.0+beta.20000106-1	all
fml	updates	3.0+beta.20000106-5	all
DSA 088, improper character escaping

gcc	stable	1:2.95.2-13	alpha, i386, powerpc, sparc
gcc	stable	1:2.95.2-13.1	arm, m68k
gcc	updates	1:2.95.2-13.1	alpha, i386, powerpc, sparc
Changelog says: * Non-maintainer upload * Add new patch for ARM (closes #75801) Clarification required. Doko queried. He approved, the patch is conditionalized so gets only applied on ARM.

glibc-doc	stable	2.1.3-19	all
glibc-doc	updates	2.1.3-20	all
i18ndata	stable	2.1.3-19	all
i18ndata	updates	2.1.3-20	all
libc6-dbg	stable	2.1.3-19	arm, i386, m68k, powerpc, sparc
libc6-dbg	updates	2.1.3-20	arm, i386, m68k, powerpc, sparc
libc6-dev	stable	2.1.3-19	arm, i386, m68k, powerpc, sparc
libc6-dev	updates	2.1.3-20	arm, i386, m68k, powerpc, sparc
libc6-pic	stable	2.1.3-19	arm, i386, m68k, powerpc, sparc
libc6-pic	updates	2.1.3-20	arm, i386, m68k, powerpc, sparc
libc6-prof	stable	2.1.3-19	arm, i386, m68k, powerpc, sparc
libc6-prof	updates	2.1.3-20	arm, i386, m68k, powerpc, sparc
libc6.1-dbg	stable	2.1.3-19	alpha
libc6.1-dbg	updates	2.1.3-20	alpha
libc6.1-dev	stable	2.1.3-19	alpha
libc6.1-dev	updates	2.1.3-20	alpha
libc6.1-pic	stable	2.1.3-19	alpha
libc6.1-pic	updates	2.1.3-20	alpha
libc6.1-prof	stable	2.1.3-19	alpha
libc6.1-prof	updates	2.1.3-20	alpha
libc6.1	stable	2.1.3-19	alpha
libc6.1	updates	2.1.3-20	alpha
libc6	stable	2.1.3-19	arm, i386, m68k, powerpc, sparc
libc6	updates	2.1.3-20	arm, i386, m68k, powerpc, sparc
locales	stable	2.1.3-19	alpha, arm, i386, m68k, powerpc, sparc
locales	updates	2.1.3-20	alpha, arm, i386, m68k, powerpc, sparc
nscd	stable	2.1.3-19	alpha, arm, i386, m68k, powerpc, sparc
nscd	updates	2.1.3-20	alpha, arm, i386, m68k, powerpc, sparc
Glob security patch. DSA 103

gnujsp

stable

1.0.0-4

all, source

gnujsp

updates

1.0.0-5

all, source

Security fix for disclosure of directory contents and script sources

DSA 114

gzip	stable	1.2.4-33	alpha, arm, i386, m68k, powerpc, sparc, source
gzip	updates	1.2.4-33.1	alpha, arm, i386, m68k, powerpc, sparc, source
DSA 100 - Buffer overflow

hanterm	stable	1:3.3.1p17-5.1	alpha, arm, i386, m68k, powerpc, sparc, source
hanterm	updates	1:3.3.1p17-5.2	alpha, arm, i386, m68k, powerpc, sparc, source
DSA 112

icecast-server	stable	1.0.0-1	alpha, arm, i386, m68k, powerpc, sparc
icecast-server	updates	1.3.10-1	alpha, arm, m68k, powerpc, sparc
icecast-server	updates	1.3.10-1.1	i386
DSA 089

jgroff	stable	1.15+ja-3.2	alpha, arm, i386, m68k, powerpc, sparc
jgroff	updates	1.15+ja-3.4	alpha, arm, i386, m68k, powerpc, sparc
DSA 107

kernel-doc-2.2.19	stable	2.2.19.1-2	all
kernel-doc-2.2.19	updates	2.2.19.1-4	all
kernel-headers-2.2.19-compact	stable	2.2.19-4potato.5	i386
kernel-headers-2.2.19-compact	updates	2.2.19-4potato.7	i386
kernel-headers-2.2.19-idepci	stable	2.2.19-4potato.5	i386
kernel-headers-2.2.19-idepci	updates	2.2.19-4potato.7	i386
kernel-headers-2.2.19-ide	stable	2.2.19-4potato.5	i386
kernel-headers-2.2.19-ide	updates	2.2.19-4potato.7	i386
kernel-headers-2.2.19	stable	2.2.19-1potato.3	alpha
kernel-headers-2.2.19	stable	2.2.19-2	m68k
kernel-headers-2.2.19	stable	2.2.19-2.0potato1	powerpc
kernel-headers-2.2.19	stable	2.2.19-4potato.5	i386
kernel-headers-2.2.19	updates	2.2.19-1potato.5	alpha
kernel-headers-2.2.19	updates	2.2.19-2.0potato2	powerpc
kernel-headers-2.2.19	updates	2.2.19-4potato.7	i386
kernel-image-2.2.19-chrp	stable	2.2.19-2.0potato1	powerpc
kernel-image-2.2.19-chrp	updates	2.2.19-2.0potato2	powerpc
kernel-image-2.2.19-compact	stable	2.2.19-4potato.5	i386
kernel-image-2.2.19-compact	updates	2.2.19-4potato.7	i386
kernel-image-2.2.19-generic	stable	2.2.19-1potato.3	alpha
kernel-image-2.2.19-generic	updates	2.2.19-1potato.5	alpha
kernel-image-2.2.19-idepci	stable	2.2.19-4potato.5	i386
kernel-image-2.2.19-idepci	updates	2.2.19-4potato.7	i386
kernel-image-2.2.19-ide	stable	2.2.19-4potato.5	i386
kernel-image-2.2.19-ide	updates	2.2.19-4potato.7	i386
kernel-image-2.2.19-jensen	stable	2.2.19-1potato.3	alpha
kernel-image-2.2.19-jensen	updates	2.2.19-1potato.5	alpha
kernel-image-2.2.19-nautilus	stable	2.2.19-1potato.3	alpha
kernel-image-2.2.19-nautilus	updates	2.2.19-1potato.5	alpha
kernel-image-2.2.19-pmac	stable	2.2.19-2.0potato1	powerpc
kernel-image-2.2.19-pmac	updates	2.2.19-2.0potato2	powerpc
kernel-image-2.2.19-prep	stable	2.2.19-2.0potato1	powerpc
kernel-image-2.2.19-prep	updates	2.2.19-2.0potato2	powerpc
kernel-image-2.2.19-smp	stable	2.2.19-1potato.3	alpha
kernel-image-2.2.19-smp	updates	2.2.19-1potato.5	alpha
kernel-image-2.2.19	stable	2.2.19-4potato.5	i386
kernel-image-2.2.19	updates	2.2.19-4potato.7	i386
kernel-patch-2.2.19-powerpc	stable	2.2.19-2.0potato1	all, source
kernel-patch-2.2.19-powerpc	updates	2.2.19-2.0potato2	all, source
kernel-source-2.2.19	stable	2.2.19.1-2	all, source
kernel-source-2.2.19	updates	2.2.19.1-4	all, source
Security Update (following up to DSA 122) kernel-source 2.2.19.1-3: Fixed double free in drivers/net/zlib.c kernel-source 2.2.19.1-4: Fixed remaining double free in drivers/net/zlib.c kernel-image-2.2.19-alpha_2.2.19-1potato.5: built against 2.2.19.1-4 kernel-image-2.2.19-i386_2.2.19-4potato.7: built against 2.2.19.1-4 kernel-patch-2.2.19-powerpc_2.2.19-2.0potato2: built against 2.2.19.1-4 MISSING m68k

libnss-ldap	stable	110-2	alpha, powerpc
libnss-ldap	stable	122-1	arm, i386, m68k, sparc, source
libnss-ldap	updates	122-1	alpha, powerpc
Get Alpha and powerpc version back in sync

listar-cgi	stable	0.129a-2	alpha, arm, i386, m68k, powerpc, sparc
listar-cgi	updates	0.129a-2.potato1	alpha, arm, i386, m68k, powerpc, sparc
listar	stable	0.129a-2	alpha, arm, i386, m68k, powerpc, sparc, source
listar	updates	0.129a-2.potato1	alpha, arm, i386, m68k, powerpc, sparc, source
DSA 123 - Remote exploit

maildrop	stable	0.75-2	alpha
maildrop	stable	0.75-2.1	arm, i386, m68k, powerpc, sparc, source
maildrop	updates	0.75-2.1	alpha
Get versions back in sync

man2html	stable	1.5-23	alpha, arm, i386, m68k, powerpc, sparc
man2html	updates	1.5-23.1	alpha, arm, i386, m68k, powerpc, sparc
* Recompiled with correct CGIBASE to avoid bad links; closes: #104474. Grave bug, warrants inclusion into stable.

masqmail	stable	0.0.12-2	alpha
masqmail	stable	0.0.12-3	arm, i386, m68k, powerpc, sparc, source
masqmail	updates	0.0.12-3	alpha
Get versions back in sync

libmhash1	stable	0.6.1-1	alpha, i386, m68k, powerpc, sparc
libmhash1	updates	0.6.1-1	arm
mhash	stable	0.6.1-1	source
Get versions back in sync

apache-ssl	stable	1.3.9.13-2	alpha, arm, i386, m68k, powerpc, sparc, source
apache-ssl	updates	1.3.9.13-4	alpha, arm, i386, m68k, powerpc, sparc, source
libapache-mod-ssl-doc	stable	2.4.10-1.3.9-1	all
libapache-mod-ssl-doc	updates	2.4.10-1.3.9-1potato1	all
libapache-mod-ssl	stable	2.4.10-1.3.9-1	alpha, arm, i386, m68k, powerpc, sparc, source
libapache-mod-ssl	updates	2.4.10-1.3.9-1potato1	alpha, arm, i386, m68k, powerpc, sparc, source
DSA 120 - Buffer overflow in mod_ssl and apache-ssl

mtr

stable

0.41-5

alpha, arm, i386, m68k, powerpc, sparc, source

mtr

updates

0.41-6

alpha, arm, i386, m68k, powerpc, sparc, source

DSA 124 - buffer overflow

libncurses5-dbg	stable	5.0-6.0potato1	alpha, arm, i386, m68k, powerpc, sparc
libncurses5-dbg	updates	5.0-6.0potato2	alpha, arm, i386, m68k, powerpc, sparc
libncurses5-dev	stable	5.0-6.0potato1	alpha, arm, i386, m68k, powerpc, sparc
libncurses5-dev	updates	5.0-6.0potato2	alpha, arm, i386, m68k, powerpc, sparc
libncurses5	stable	5.0-6.0potato1	alpha, arm, i386, m68k, powerpc, sparc
libncurses5	updates	5.0-6.0potato2	alpha, arm, i386, m68k, powerpc, sparc
ncurses-base	stable	5.0-6.0potato1	all
ncurses-base	updates	5.0-6.0potato2	all
ncurses-bin	stable	5.0-6.0potato1	alpha, arm, i386, m68k, powerpc, sparc
ncurses-bin	updates	5.0-6.0potato2	alpha, arm, i386, m68k, powerpc, sparc
ncurses-term	stable	5.0-6.0potato1	all
ncurses-term	updates	5.0-6.0potato2	all
DSA 113 Security upload, fixing a buffer overflow I missed in the original pass through the code (Closes: #118002).

libncurses4-dev	stable	4.2-9	alpha, arm, i386, m68k, sparc
libncurses4-dev	updates	4.2-9	powerpc
libncurses4	stable	4.2-6	powerpc
libncurses4	stable	4.2-9	alpha, arm, i386, m68k, sparc
libncurses4	updates	4.2-9	powerpc
It's all Heidi's fault. It'll get the version in potato in sync at least.

libnasl0-dev	stable	0.99.2-1	alpha
libnasl0-dev	stable	0.99.4-1	i386, m68k, powerpc, sparc
libnasl0-dev	updates	0.99.4-1	alpha
libnasl0	stable	0.99.2-1	alpha
libnasl0	stable	0.99.4-1	i386, m68k, powerpc, sparc
libnasl0	updates	0.99.4-1	alpha
libnessus0-dev	stable	0.99.2-1	alpha
libnessus0-dev	stable	0.99.4-1	i386, m68k, powerpc, sparc
libnessus0-dev	updates	0.99.4-1	alpha
libnessus0	stable	0.99.2-1	alpha
libnessus0	stable	0.99.4-1	i386, m68k, powerpc, sparc
libnessus0	updates	0.99.4-1	alpha
nessus-plugins	stable	0.99.2-1	alpha
nessus-plugins	stable	0.99.4-1	i386, m68k, powerpc, sparc, source
nessus-plugins	updates	0.99.4-1	alpha
Get Alpha version of nessus/libnasl back in sync

netkit-ntalk	stable	0.10-8	source
talkd	stable	0.10-7	alpha
talkd	stable	0.10-8	arm, i386, m68k, powerpc, sparc
talkd	updates	0.10-8	alpha
talk	stable	0.10-7	alpha
talk	stable	0.10-8	arm, i386, m68k, powerpc, sparc
talk	updates	0.10-8	alpha
Get Alpha version back in sync

nfs-common	stable	1:0.1.9.1-1	alpha, arm, i386, m68k, powerpc, sparc
nfs-common	updates	1:0.1.9.1-1.potato1	alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server	stable	1:0.1.9.1-1	alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server	updates	1:0.1.9.1-1.potato1	alpha, arm, i386, m68k, powerpc, sparc
nhfsstone	stable	1:0.1.9.1-1	alpha, arm, i386, m68k, powerpc, sparc
nhfsstone	updates	1:0.1.9.1-1.potato1	alpha, arm, i386, m68k, powerpc, sparc
Support statd callbacks from later 2.2 kernels. (Bug#111990) It seems that this upload fixes a disparity between late 2.2 kernels and the older nfs-utils package from stable in connection with statd/lockd. Problem seems to exist for non-Linux clients at least.

pcmcia-modules-2.2.19-compact	stable	3.1.22-0.2potatok4potato.5	i386
pcmcia-modules-2.2.19-compact	updates	3.1.22-0.2potatok4potato.7	i386
pcmcia-modules-2.2.19-idepci	stable	3.1.22-0.2potatok4potato.5	i386
pcmcia-modules-2.2.19-idepci	updates	3.1.22-0.2potatok4potato.7	i386
pcmcia-modules-2.2.19-ide	stable	3.1.22-0.2potatok4potato.5	i386
pcmcia-modules-2.2.19-ide	updates	3.1.22-0.2potatok4potato.7	i386
pcmcia-modules-2.2.19-pmac	stable	3.1.22-0.2potatok2.0potato1	powerpc
pcmcia-modules-2.2.19-pmac	updates	3.1.22-0.2potatok2.0potato2	powerpc
pcmcia-modules-2.2.19	stable	3.1.22-0.2potatok4potato.5	i386
pcmcia-modules-2.2.19	updates	3.1.22-0.2potatok4potato.7	i386
These packages seem to update pcmcia-cs for current kernel images. Why no different changelog entry? Herbert Xu: Because of the way pcmcia-cs is arranged. The same pcmcia source is used to compile against arbitrary kernel module packages. Why for that ancient kernel source instead of the newly uploaded kernel-source 2.2.19.1-4? Herbert Xu: The changelog entry is for pcmcia-cs, not the module. The version number can be deduced from the deb itself. Do a dpkg -I on it and check the Depends field.

php3-cgi-gd	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-gd	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-imap	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-imap	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-ldap	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-ldap	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-magick	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-magick	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mhash	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mhash	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mysql	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mysql	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-pgsql	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-pgsql	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-snmp	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-snmp	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-xml	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-xml	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-cgi	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-dev	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-dev	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-gd	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-gd	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-imap	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-imap	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-ldap	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-ldap	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-magick	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-magick	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-mhash	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-mhash	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-mysql	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-mysql	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-pgsql	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-pgsql	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-snmp	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-snmp	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3-xml	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc
php3-xml	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc
php3	stable	3:3.0.18-0potato1	alpha, arm, i386, m68k, powerpc, sparc, source
php3	updates	3:3.0.18-0potato1.1	alpha, arm, i386, m68k, powerpc, sparc, source
php4-cgi-gd	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-gd	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-imap	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-imap	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi-xml	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi-xml	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-cgi	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-cgi	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-dev	stable	4.0.3pl1-0potato2	all
php4-dev	updates	4.0.3pl1-0potato3	all
php4-gd	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-gd	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-imap	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-imap	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-ldap	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-ldap	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-mhash	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-mhash	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-mysql	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-mysql	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-pgsql	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-pgsql	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-snmp	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-snmp	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4-xml	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc
php4-xml	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc
php4	stable	4.0.3pl1-0potato2	alpha, i386, m68k, powerpc, sparc, source
php4	updates	4.0.3pl1-0potato3	alpha, i386, m68k, powerpc, sparc, source
DSA 115 - Broken boundary check and more

pine396-diffs	stable	5	all
pine396-src	stable	3	all
pine4-diffs	stable	2	all
pine4-src	stable	1	all
These PINE packages contain security problems and the maintainer agrees that it would be best to remove them from the stable directory entirely. People who still want to use PINE should check the pine-tracker package. pine: Bad url handling exploit remove pine remove pine396-diffs remove pine396-src remove pine4 remove pine4-diffs remove pine4-src

samba-common	stable	2.0.7-3.4	alpha, arm, i386, m68k, powerpc, sparc
samba-common	updates	2.0.7-5	alpha, arm, i386, m68k, powerpc, sparc
samba-doc	stable	2.0.7-3.4	all
samba-doc	updates	2.0.7-5	all
samba	stable	2.0.7-3.4	alpha, arm, i386, m68k, powerpc, sparc
samba	updates	2.0.7-5	alpha, arm, i386, m68k, powerpc, sparc
smbclient	stable	2.0.7-3.4	alpha, arm, i386, m68k, powerpc, sparc
smbclient	updates	2.0.7-5	alpha, arm, i386, m68k, powerpc, sparc
smbfs	stable	2.0.7-3.4	alpha, arm, i386, m68k, powerpc, sparc
smbfs	updates	2.0.7-5	alpha, arm, i386, m68k, powerpc, sparc
swat	stable	2.0.7-3.4	alpha, arm, i386, m68k, powerpc, sparc
swat	updates	2.0.7-5	alpha, arm, i386, m68k, powerpc, sparc
ChangeLog says: * Permanently fix problem with NMU's being built against incorrect kernel interfaces (closes: #94380, #95015, #102226) * add uploaders: header to control file This upload most probably fixes the problem with the old alpha version not being able to run properly due to a bad build environment. This problem may be solved by a general change... may be... Steve Langasek should speak up... He said: Samba upstream takes advantage of the best system facilities (libc/kernel) available at compile time. Because Debian releases usually include a baseline kernel and an 'experimental' kernel, Eloy and I have introduced packaging code in unstable that prevents Samba from detecting facilities that it should not be compiled against. The 2.0.7-4 upload backports these packaging mods to potato, both correcting the problems with past alpha security NMUs and safeguarding against the possibility of future problems with security NMUs in potato. New Changelog says (2.0.7-5): * Add Build-Depends line; the previous upload was missing potentially important library linkage on some architectures. * Fix debian/rules to use xxx-linux instead of xxx-linux-gnu; config.sub doesn't grok the latter, causing printing to break (closes: #127444) According to Steve Langasek this version is fine and suited for stable.

sendmail-wide	stable	8.9.3+3.2W-20	alpha
sendmail-wide	stable	8.9.3+3.2W-23	i386, m68k, powerpc, sparc, source
sendmail-wide	updates	8.9.3+3.2W-23	alpha
Get alpha version back in sync

squid-cgi	stable	2.2.5-3.2	alpha, arm, i386, m68k, powerpc, sparc
squid-cgi	updates	2.2.5-4	alpha, arm, i386, m68k, powerpc, sparc
squidclient	stable	2.2.5-3.2	alpha, arm, i386, m68k, powerpc, sparc
squidclient	updates	2.2.5-4	alpha, arm, i386, m68k, powerpc, sparc
squid	stable	2.2.5-3.2	alpha, arm, i386, m68k, powerpc, sparc, source
squid	updates	2.2.5-4	alpha, arm, i386, m68k, powerpc, sparc, source
Upload to address the problems as identified in the 2.4 series. o ftp://user@pass overflow: not vulnerable o HTCP cannot be turned off if compiled in: not vulnerable, the Debian package has had the "turn off HTCP" patch for ages o SNMP memory leak potential DOS: applied patch for squid 2.4.STABLE3

sudo	stable	1.6.2p2-2	alpha, arm, i386, m68k, powerpc, sparc
sudo	updates	1.6.2p2-2.1	alpha, arm, i386, m68k, powerpc, sparc
Security Upload, DSA 101

tkseti	stable	2.12-2	alpha, arm, i386, powerpc, sparc, source
tkseti	updates	2.12-2	m68k
Get m68k version back in sync

libsnmp4.1-dev	stable	4.1.1-2	alpha, arm, i386, m68k, powerpc, sparc
libsnmp4.1-dev	updates	4.1.1-2.2	alpha, arm, i386, m68k, powerpc, sparc
libsnmp4.1	stable	4.1.1-2	alpha, arm, i386, m68k, powerpc, sparc
libsnmp4.1	updates	4.1.1-2.2	alpha, arm, i386, m68k, powerpc, sparc
snmpd	stable	4.1.1-2	alpha, arm, i386, m68k, powerpc, sparc
snmpd	updates	4.1.1-2.2	alpha, arm, i386, m68k, powerpc, sparc
snmp	stable	4.1.1-2	alpha, arm, i386, m68k, powerpc, sparc
snmp	updates	4.1.1-2.2	alpha, arm, i386, m68k, powerpc, sparc
ucd-snmp	stable	4.1.1-2	source
ucd-snmp	updates	4.1.1-2.2	source
DSA 111 - Multiple vulnerabilities

uucp	stable	1.06.1-11potato1	alpha, arm, i386, m68k, powerpc, sparc
uucp	updates	1.06.1-11potato2	alpha, arm, i386, m68k, powerpc, sparc
Security Upload, DSA 079-2, uucp uid/gid access

wmtv	stable	0.6.5-2	alpha, arm, i386, m68k, powerpc
wmtv	stable	0.6.5-2.0.1	sparc
wmtv	updates	0.6.5-2potato2	alpha, arm, i386, m68k, powerpc, sparc
Security Upload, DSA 108, symlink vulnerability

xchat-common	stable	1.4.3-0.1	all
xchat-common	updates	1.4.3-1	all
xchat-gnome	stable	1.4.3-0.1	arm, i386, m68k, powerpc, sparc
xchat-gnome	stable	1.4.3-0.1.1	alpha
xchat-gnome	updates	1.4.3-1	alpha, arm, i386, m68k, powerpc, sparc
xchat-text	stable	1.4.3-0.1	arm, i386, m68k, powerpc, sparc
xchat-text	stable	1.4.3-0.1.1	alpha
xchat-text	updates	1.4.3-1	alpha, arm, i386, m68k, powerpc, sparc
xchat	stable	1.4.3-0.1	arm, i386, m68k, powerpc, sparc
xchat	stable	1.4.3-0.1.1	alpha
xchat	updates	1.4.3-1	alpha, arm, i386, m68k, powerpc, sparc
* Fixed "Xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability", (http://www.securityfocus.com/archive/1/249113); patch provided by upstream author, Peter Zelezny <zed@linux.com>. DSA 099

xcin	stable	2.3.04-1	arm
xcin	stable	2.5.1.3-1	powerpc
xcin	stable	2.5.1.99.pre6.1-1	alpha
xcin	stable	2.5.2-1	i386, m68k, sparc
xcin	updates	2.5.2-1	alpha, arm, powerpc
Get versions back in sync

xmysqladmin	stable	1.0-5	m68k
xmysqladmin	stable	1.0-7	alpha, i386, powerpc, source
xmysqladmin	updates	1.0-7	m68k
Get m68k version back in sync

xsane	stable	0.50-5	alpha, arm, i386, m68k, powerpc, sparc, source
xsane	updates	0.50-5.1	alpha, arm, i386, m68k, powerpc, sparc, source
DSA 118 - insecure temporary files

xtell

stable

1.91

alpha, arm, i386, m68k, powerpc, sparc, source

xtell

updates

1.91.2

alpha, arm, i386, m68k, powerpc, sparc, source

DSA 121 - several vulnerabilities

A couple of arch's missing for .2, but uploaded already

zmailer-ssl	stable	2.99.50.s19-2	alpha
zmailer-ssl	stable	2.99.51.52pre3-2	arm, i386, m68k, powerpc, sparc, source
zmailer-ssl	updates	2.99.51.52pre3-2	alpha
Get Alpha version back in sync

Need further investigation

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet.

photopc	stable	2.1-1	powerpc
photopc	stable	2.8-3	arm
photopc	stable	3.02-2	alpha, i386, sparc, source
photopc	updates	3.02-2	powerpc
Get versions in sync. MISSING arm

unixcw	stable	1.1a-2	arm
unixcw	stable	1.1a-5	alpha, i386, source
unixcw	updates	1.1a-5	powerpc, sparc
Get package in sync through all architectures. MISSING arm

Rejected packages

These packages don't meet the requirements.

dvi2ps-fontdata-a2n	stable	1.0-5	all
dvi2ps-fontdata-a2n	updates	1.0-7	all
dvi2ps-fontdata-bsr	stable	1.0-5	all
dvi2ps-fontdata-bsr	updates	1.0-7	all
dvi2ps-fontdata-ja	stable	1.0-5	all
dvi2ps-fontdata-ja	updates	1.0-7	all
dvi2ps-fontdata-n2a	stable	1.0-5	all
dvi2ps-fontdata-n2a	updates	1.0-7	all
dvi2ps-fontdata-ptexfake	stable	1.0-5	all
dvi2ps-fontdata-ptexfake	updates	1.0-7	all
dvi2ps-fontdata-rrs	stable	1.0-5	all
dvi2ps-fontdata-rrs	updates	1.0-7	all
dvi2ps-fontdata-rsp	stable	1.0-5	all
dvi2ps-fontdata-rsp	updates	1.0-7	all
dvi2ps-fontdata-tbank	stable	1.0-5	all
dvi2ps-fontdata-tbank	updates	1.0-7	all
dvi2ps-fontdata-three	stable	1.0-5	all
dvi2ps-fontdata-three	updates	1.0-7	all
Misplaced upload to 'stable unstable'

efingerd

stable

1.3

alpha, arm, i386, m68k, powerpc, sparc, source

efingerd

updates

1.3.2

alpha, arm, i386, m68k, powerpc, sparc, source

Alleged security update, .1 and .2 are broken, though.

Joey is discussion the issue with the maintainer.

jtex-base	stable	1.8-6	all, source
jtex-base	updates	1.8-7	all, source
Misplaced upload, stable+unstable

rsync

stable

2.3.2-1.2

alpha, arm, i386, m68k, powerpc, sparc

rsync

updates

2.3.2-1.3

alpha, arm, i386, m68k, powerpc, sparc

DSA 106

Broken packages, hence rejecting

Disclaimer

This list intends to help the ftp-masters releasing 2.2r6. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>.

Last updated 2002/04/03 09:36 MET