Preparation of Debian GNU/Linux 2.2r6

An up-to-date version is at http://master.debian.org/~joey/2.2r6/

I am preparing another revision of the stable Debian distribution (r6) and will infrequently send reports so people can actually comment on it and intervene whenever this is required.

The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out at the beginning of April this year (2002) -- some code rewrite is required though. James Troup still has to give the final approval for each package since he is the ftpmaster involved with stable revisions. However, I will try to make his work as easy as possible in the hope to get the next revision out properly. Thanks for your attention.

This may also be the last version of the 2.2 series, depending on how well the woody release is making progress. There is, however, still a possibility another update (r7, to be scheduled at the beginning of June) has to be released before Debian 3.0.

My requirements for packages to go into stable:

1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful. I really should make this a requirement for security uploads.

2. The package fixes a critical bug which can lead to data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore).

3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts.

4. All released architectures have to be in sync.

Packages which I will most probably reject:

* Packages which fix non-critical bugs.

* Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or 'frozen unstable'.

* Packages whose binary packages are out of sync with regard to all supported architectures in the stable distribution.

* Binary packages for which the source got lost somehow.

Accepted packages

These packages should be installed into stable and be part of the next revision.

libace-doc     stable   5.0.7-4  all
libace5.0-dev  stable   5.0.7-2  alpha
libace5.0-dev  stable   5.0.7-4  arm, i386, m68k, powerpc, sparc
libace5.0-dev  updates  5.0.7-4  alpha
libace5.0      stable   5.0.7-2  alpha
libace5.0      stable   5.0.7-4  arm, i386, m68k, powerpc, sparc
libace5.0      updates  5.0.7-4  alpha

Get Alpha version back in sync

adjtimex  stable   1.10-1   alpha, i386
adjtimex  stable   1.5-1    sparc
adjtimex  stable   1.5-3    powerpc
adjtimex  stable   1.7-1    arm
adjtimex  stable   1.8.1-1  m68k
adjtimex  updates  1.10-1   arm, m68k, powerpc, sparc

Get versions in sync, apart from that:

* New upstream release - security fix: use popen() to recover output from ntpdate, instead of an unsafe temporary file (thanks to Colin Phipps <crp22@cam.ac.uk>) (closes:bug#56752)

analog  stable   1:4.01-1potato1  alpha, arm, i386, m68k, powerpc, sparc, source
analog  updates  2:5.22-0potato3  alpha, arm, i386, m68k, powerpc, sparc, source

Security Update: DSA 125

at  stable   3.1.8-10    alpha, arm, i386, m68k, powerpc, sparc
at  updates  3.1.8-10.2  alpha, arm, i386, m68k, powerpc, sparc

Security Upload, DSA 102

cfs  stable   1.3.3-8    alpha, arm, i386, m68k, powerpc, sparc, source
cfs  updates  1.3.3-8.1  alpha, arm, i386, m68k, powerpc, sparc, source

Security Upload, DSA 116

* bug: buffer overflows in cfsd server daemon code: cvs_adm.c, cvs_fh.c (thx Zorgon for pointing at this). Some careless strcpy()'s in the server code caused cfsd to die with segfault when attaching crypto directories with long pathnames and on filehandle operations in attached crypto directories with long pathnames, see bug #135903 for details (closes: #135903).

cupsys-bsd      stable   1.0.4-9   alpha, arm, i386, m68k, powerpc, sparc
cupsys-bsd      updates  1.0.4-12  alpha, arm, i386, m68k, powerpc, sparc
cupsys          stable   1.0.4-9   alpha, arm, i386, m68k, powerpc, sparc, source
cupsys          updates  1.0.4-12  alpha, arm, i386, m68k, powerpc, sparc, source
libcupsys1-dev  stable   1.0.4-9   alpha, arm, i386, m68k, powerpc, sparc
libcupsys1-dev  updates  1.0.4-12  alpha, arm, i386, m68k, powerpc, sparc
libcupsys1      stable   1.0.4-9   alpha, arm, i386, m68k, powerpc, sparc
libcupsys1      updates  1.0.4-12  alpha, arm, i386, m68k, powerpc, sparc

-10: Security upload: DSA 110, Buffer overflow

-11: More security fixes: more complete patch for attribute buffer handling and a more correct path validation check to prevent ".." attacks.

-12: Remove lpd backend for security reasons.

cvs-doc  stable   1.10.7-7  all
cvs-doc  updates  1.10.7-9  all
cvs      stable   1.10.7-7  alpha, arm, i386, m68k, powerpc, sparc, source
cvs      updates  1.10.7-9  alpha, arm, i386, m68k, powerpc, sparc, source

* Add fix for possible security hole in diff, thanks to Niels Heinen for pointing it out, and Larry Jones for the patch.

DSA 117 - improper variable initialization

dump  stable   0.4b16-1           alpha, arm, i386, m68k, powerpc, sparc
dump  updates  0.4b25-0.potato.1  alpha, arm, i386, m68k, powerpc, sparc

* back-port dump current version to potato at the request of Martin Schulze. The 0.4b22 upstream version included important fixes for data corruption that can occur with the version that was released with potato.

eruby  stable   0.0.4-1.0       m68k
eruby  stable   0.0.4-1.2       alpha
eruby  stable   0.0.9-1potato1  arm, i386, powerpc, sparc, source
eruby  updates  0.0.9-1potato1  alpha, m68k

Get versions back in sync

everybuddy  stable   0.0.7-3  alpha, arm, i386, m68k, powerpc, sparc, source

The current maintainer, Michael D. Ivey, told me that the potato version is so out-dated that it doesn't work with any current protocol, thus is completely useless. There may even be security implications, that are dubious. The current maintainer has agreed to remove the package from stable.

faqomatic  stable   2.603-1.1  all
faqomatic  updates  2.603-1.2  all

Security upload, DSA 109, cross-site scripting vulnerability

fml  stable   3.0+beta.20000106-1  all
fml  updates  3.0+beta.20000106-5  all

DSA 088, improper character escaping

gcc  stable   1:2.95.2-13    alpha, i386, powerpc, sparc
gcc  stable   1:2.95.2-13.1  arm, m68k
gcc  updates  1:2.95.2-13.1  alpha, i386, powerpc, sparc

Changelog says:

* Non-maintainer upload

* Add new patch for ARM (closes #75801)

Clarification required. Doko queried. He approved, the patch is conditionalized so gets only applied on ARM.

glibc-doc     stable   2.1.3-19  all
glibc-doc     updates  2.1.3-20  all
i18ndata      stable   2.1.3-19  all
i18ndata      updates  2.1.3-20  all
libc6-dbg     stable   2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-dbg     updates  2.1.3-20  arm, i386, m68k, powerpc, sparc
libc6-dev     stable   2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-dev     updates  2.1.3-20  arm, i386, m68k, powerpc, sparc
libc6-pic     stable   2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-pic     updates  2.1.3-20  arm, i386, m68k, powerpc, sparc
libc6-prof    stable   2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-prof    updates  2.1.3-20  arm, i386, m68k, powerpc, sparc
libc6.1-dbg   stable   2.1.3-19  alpha
libc6.1-dbg   updates  2.1.3-20  alpha
libc6.1-dev   stable   2.1.3-19  alpha
libc6.1-dev   updates  2.1.3-20  alpha
libc6.1-pic   stable   2.1.3-19  alpha
libc6.1-pic   updates  2.1.3-20  alpha
libc6.1-prof  stable   2.1.3-19  alpha
libc6.1-prof  updates  2.1.3-20  alpha
libc6.1       stable   2.1.3-19  alpha
libc6.1       updates  2.1.3-20  alpha
libc6         stable   2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6         updates  2.1.3-20  arm, i386, m68k, powerpc, sparc
locales       stable   2.1.3-19  alpha, arm, i386, m68k, powerpc, sparc
locales       updates  2.1.3-20  alpha, arm, i386, m68k, powerpc, sparc
nscd          stable   2.1.3-19  alpha, arm, i386, m68k, powerpc, sparc
nscd          updates  2.1.3-20  alpha, arm, i386, m68k, powerpc, sparc

Glob security patch. DSA 103

gnujsp  stable   1.0.0-4  all, source
gnujsp  updates  1.0.0-5  all, source

Security fix for disclosure of directory contents and script sources

DSA 114

gzip  stable   1.2.4-33    alpha, arm, i386, m68k, powerpc, sparc, source
gzip  updates  1.2.4-33.1  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 100 - Buffer overflow

hanterm  stable   1:3.3.1p17-5.1  alpha, arm, i386, m68k, powerpc, sparc, source
hanterm  updates  1:3.3.1p17-5.2  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 112

icecast-server  stable   1.0.0-1     alpha, arm, i386, m68k, powerpc, sparc
icecast-server  updates  1.3.10-1    alpha, arm, m68k, powerpc, sparc
icecast-server  updates  1.3.10-1.1  i386

DSA 089

jgroff  stable   1.15+ja-3.2  alpha, arm, i386, m68k, powerpc, sparc
jgroff  updates  1.15+ja-3.4  alpha, arm, i386, m68k, powerpc, sparc

DSA 107

kernel-doc-2.2.19              stable   2.2.19.1-2         all
kernel-doc-2.2.19              updates  2.2.19.1-4         all
kernel-headers-2.2.19-compact  stable   2.2.19-4potato.5   i386
kernel-headers-2.2.19-compact  updates  2.2.19-4potato.7   i386
kernel-headers-2.2.19-idepci   stable   2.2.19-4potato.5   i386
kernel-headers-2.2.19-idepci   updates  2.2.19-4potato.7   i386
kernel-headers-2.2.19-ide      stable   2.2.19-4potato.5   i386
kernel-headers-2.2.19-ide      updates  2.2.19-4potato.7   i386
kernel-headers-2.2.19          stable   2.2.19-1potato.3   alpha
kernel-headers-2.2.19          stable   2.2.19-2           m68k
kernel-headers-2.2.19          stable   2.2.19-2.0potato1  powerpc
kernel-headers-2.2.19          stable   2.2.19-4potato.5   i386
kernel-headers-2.2.19          updates  2.2.19-1potato.5   alpha
kernel-headers-2.2.19          updates  2.2.19-2.0potato2  powerpc
kernel-headers-2.2.19          updates  2.2.19-4potato.7   i386
kernel-image-2.2.19-chrp       stable   2.2.19-2.0potato1  powerpc
kernel-image-2.2.19-chrp       updates  2.2.19-2.0potato2  powerpc
kernel-image-2.2.19-compact    stable   2.2.19-4potato.5   i386
kernel-image-2.2.19-compact    updates  2.2.19-4potato.7   i386
kernel-image-2.2.19-generic    stable   2.2.19-1potato.3   alpha
kernel-image-2.2.19-generic    updates  2.2.19-1potato.5   alpha
kernel-image-2.2.19-idepci     stable   2.2.19-4potato.5   i386
kernel-image-2.2.19-idepci     updates  2.2.19-4potato.7   i386
kernel-image-2.2.19-ide        stable   2.2.19-4potato.5   i386
kernel-image-2.2.19-ide        updates  2.2.19-4potato.7   i386
kernel-image-2.2.19-jensen     stable   2.2.19-1potato.3   alpha
kernel-image-2.2.19-jensen     updates  2.2.19-1potato.5   alpha
kernel-image-2.2.19-nautilus   stable   2.2.19-1potato.3   alpha
kernel-image-2.2.19-nautilus   updates  2.2.19-1potato.5   alpha
kernel-image-2.2.19-pmac       stable   2.2.19-2.0potato1  powerpc
kernel-image-2.2.19-pmac       updates  2.2.19-2.0potato2  powerpc
kernel-image-2.2.19-prep       stable   2.2.19-2.0potato1  powerpc
kernel-image-2.2.19-prep       updates  2.2.19-2.0potato2  powerpc
kernel-image-2.2.19-smp        stable   2.2.19-1potato.3   alpha
kernel-image-2.2.19-smp        updates  2.2.19-1potato.5   alpha
kernel-image-2.2.19            stable   2.2.19-4potato.5   i386
kernel-image-2.2.19            updates  2.2.19-4potato.7   i386
kernel-patch-2.2.19-powerpc    stable   2.2.19-2.0potato1  all, source
kernel-patch-2.2.19-powerpc    updates  2.2.19-2.0potato2  all, source
kernel-source-2.2.19           stable   2.2.19.1-2         all, source
kernel-source-2.2.19           updates  2.2.19.1-4         all, source

Security Update (following up to DSA 122)

kernel-source 2.2.19.1-3: Fixed double free in drivers/net/zlib.c

kernel-source 2.2.19.1-4: Fixed remaining double free in drivers/net/zlib.c

kernel-image-2.2.19-alpha_2.2.19-1potato.5: built against 2.2.19.1-4

kernel-image-2.2.19-i386_2.2.19-4potato.7: built against 2.2.19.1-4

kernel-patch-2.2.19-powerpc_2.2.19-2.0potato2: built against 2.2.19.1-4


MISSING m68k

libnss-ldap  stable   110-2  alpha, powerpc
libnss-ldap  stable   122-1  arm, i386, m68k, sparc, source
libnss-ldap  updates  122-1  alpha, powerpc

Get Alpha and powerpc version back in sync

listar-cgi  stable   0.129a-2          alpha, arm, i386, m68k, powerpc, sparc
listar-cgi  updates  0.129a-2.potato1  alpha, arm, i386, m68k, powerpc, sparc
listar      stable   0.129a-2          alpha, arm, i386, m68k, powerpc, sparc, source
listar      updates  0.129a-2.potato1  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 123 - Remote exploit

maildrop  stable   0.75-2    alpha
maildrop  stable   0.75-2.1  arm, i386, m68k, powerpc, sparc, source
maildrop  updates  0.75-2.1  alpha

Get versions back in sync

man2html  stable   1.5-23    alpha, arm, i386, m68k, powerpc, sparc
man2html  updates  1.5-23.1  alpha, arm, i386, m68k, powerpc, sparc

* Recompiled with correct CGIBASE to avoid bad links; closes: #104474. Grave bug, warrants inclusion into stable.

masqmail  stable   0.0.12-2  alpha
masqmail  stable   0.0.12-3  arm, i386, m68k, powerpc, sparc, source
masqmail  updates  0.0.12-3  alpha

Get versions back in sync

libmhash1  stable   0.6.1-1  alpha, i386, m68k, powerpc, sparc
libmhash1  updates  0.6.1-1  arm
mhash      stable   0.6.1-1  source

Get versions back in sync

apache-ssl             stable   1.3.9.13-2             alpha, arm, i386, m68k, powerpc, sparc, source
apache-ssl             updates  1.3.9.13-4             alpha, arm, i386, m68k, powerpc, sparc, source
libapache-mod-ssl-doc  stable   2.4.10-1.3.9-1         all
libapache-mod-ssl-doc  updates  2.4.10-1.3.9-1potato1  all
libapache-mod-ssl      stable   2.4.10-1.3.9-1         alpha, arm, i386, m68k, powerpc, sparc, source
libapache-mod-ssl      updates  2.4.10-1.3.9-1potato1  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 120 - Buffer overflow in mod_ssl and apache-ssl

mtr  stable   0.41-5  alpha, arm, i386, m68k, powerpc, sparc, source
mtr  updates  0.41-6  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 124 - buffer overflow

libncurses5-dbg  stable   5.0-6.0potato1  alpha, arm, i386, m68k, powerpc, sparc
libncurses5-dbg  updates  5.0-6.0potato2  alpha, arm, i386, m68k, powerpc, sparc
libncurses5-dev  stable   5.0-6.0potato1  alpha, arm, i386, m68k, powerpc, sparc
libncurses5-dev  updates  5.0-6.0potato2  alpha, arm, i386, m68k, powerpc, sparc
libncurses5      stable   5.0-6.0potato1  alpha, arm, i386, m68k, powerpc, sparc
libncurses5      updates  5.0-6.0potato2  alpha, arm, i386, m68k, powerpc, sparc
ncurses-base     stable   5.0-6.0potato1  all
ncurses-base     updates  5.0-6.0potato2  all
ncurses-bin      stable   5.0-6.0potato1  alpha, arm, i386, m68k, powerpc, sparc
ncurses-bin      updates  5.0-6.0potato2  alpha, arm, i386, m68k, powerpc, sparc
ncurses-term     stable   5.0-6.0potato1  all
ncurses-term     updates  5.0-6.0potato2  all

DSA 113

Security upload, fixing a buffer overflow I missed in the original pass through the code (Closes: #118002).

libncurses4-dev  stable   4.2-9  alpha, arm, i386, m68k, sparc
libncurses4-dev  updates  4.2-9  powerpc
libncurses4      stable   4.2-6  powerpc
libncurses4      stable   4.2-9  alpha, arm, i386, m68k, sparc
libncurses4      updates  4.2-9  powerpc

It's all Heidi's fault. It'll get the version in potato in sync at least.

libnasl0-dev    stable   0.99.2-1  alpha
libnasl0-dev    stable   0.99.4-1  i386, m68k, powerpc, sparc
libnasl0-dev    updates  0.99.4-1  alpha
libnasl0        stable   0.99.2-1  alpha
libnasl0        stable   0.99.4-1  i386, m68k, powerpc, sparc
libnasl0        updates  0.99.4-1  alpha
libnessus0-dev  stable   0.99.2-1  alpha
libnessus0-dev  stable   0.99.4-1  i386, m68k, powerpc, sparc
libnessus0-dev  updates  0.99.4-1  alpha
libnessus0      stable   0.99.2-1  alpha
libnessus0      stable   0.99.4-1  i386, m68k, powerpc, sparc
libnessus0      updates  0.99.4-1  alpha
nessus-plugins  stable   0.99.2-1  alpha
nessus-plugins  stable   0.99.4-1  i386, m68k, powerpc, sparc, source
nessus-plugins  updates  0.99.4-1  alpha

Get Alpha version of nessus/libnasl back in sync

netkit-ntalk  stable   0.10-8  source
talkd         stable   0.10-7  alpha
talkd         stable   0.10-8  arm, i386, m68k, powerpc, sparc
talkd         updates  0.10-8  alpha
talk          stable   0.10-7  alpha
talk          stable   0.10-8  arm, i386, m68k, powerpc, sparc
talk          updates  0.10-8  alpha

Get Alpha version back in sync

nfs-common         stable   1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nfs-common         updates  1:0.1.9.1-1.potato1  alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server  stable   1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server  updates  1:0.1.9.1-1.potato1  alpha, arm, i386, m68k, powerpc, sparc
nhfsstone          stable   1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nhfsstone          updates  1:0.1.9.1-1.potato1  alpha, arm, i386, m68k, powerpc, sparc

Support statd callbacks from later 2.2 kernels. (Bug#111990)

It seems that this upload fixes a disparity between late 2.2 kernels and the older nfs-utils package from stable in connection with statd/lockd. Problem seems to exist for non-Linux clients at least.

pcmcia-modules-2.2.19-compact  stable   3.1.22-0.2potatok4potato.5   i386
pcmcia-modules-2.2.19-compact  updates  3.1.22-0.2potatok4potato.7   i386
pcmcia-modules-2.2.19-idepci   stable   3.1.22-0.2potatok4potato.5   i386
pcmcia-modules-2.2.19-idepci   updates  3.1.22-0.2potatok4potato.7   i386
pcmcia-modules-2.2.19-ide      stable   3.1.22-0.2potatok4potato.5   i386
pcmcia-modules-2.2.19-ide      updates  3.1.22-0.2potatok4potato.7   i386
pcmcia-modules-2.2.19-pmac     stable   3.1.22-0.2potatok2.0potato1  powerpc
pcmcia-modules-2.2.19-pmac     updates  3.1.22-0.2potatok2.0potato2  powerpc
pcmcia-modules-2.2.19          stable   3.1.22-0.2potatok4potato.5   i386
pcmcia-modules-2.2.19          updates  3.1.22-0.2potatok4potato.7   i386

These packages seem to update pcmcia-cs for current kernel images.

Why no different changelog entry?

Herbert Xu: Because of the way pcmcia-cs is arranged. The same pcmcia source is used to compile against arbitrary kernel module packages.

Why for that ancient kernel source instead of the newly uploaded kernel-source 2.2.19.1-4?

Herbert Xu: The changelog entry is for pcmcia-cs, not the module. The version number can be deduced from the deb itself. Do a dpkg -I on it and check the Depends field.

php3-cgi-gd      stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-gd      updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-imap    stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-imap    updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-ldap    stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-ldap    updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-magick  stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-magick  updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mhash   stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mhash   updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mysql   stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-mysql   updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-pgsql   stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-pgsql   updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-snmp    stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-snmp    updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-xml     stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi-xml     updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-cgi         stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-cgi         updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-dev         stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-dev         updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-gd          stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-gd          updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-imap        stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-imap        updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-ldap        stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-ldap        updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-magick      stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-magick      updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-mhash       stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-mhash       updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-mysql       stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-mysql       updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-pgsql       stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-pgsql       updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-snmp        stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-snmp        updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3-xml         stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc
php3-xml         updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc
php3             stable   3:3.0.18-0potato1    alpha, arm, i386, m68k, powerpc, sparc, source
php3             updates  3:3.0.18-0potato1.1  alpha, arm, i386, m68k, powerpc, sparc, source
php4-cgi-gd      stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-gd      updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-imap    stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-imap    updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap    stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap    updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash   stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash   updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql   stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql   updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql   stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql   updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp    stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp    updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi-xml     stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi-xml     updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-cgi         stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-cgi         updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-dev         stable   4.0.3pl1-0potato2    all
php4-dev         updates  4.0.3pl1-0potato3    all
php4-gd          stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-gd          updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-imap        stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-imap        updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-ldap        stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-ldap        updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-mhash       stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-mhash       updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-mysql       stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-mysql       updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-pgsql       stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-pgsql       updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-snmp        stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-snmp        updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4-xml         stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc
php4-xml         updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc
php4             stable   4.0.3pl1-0potato2    alpha, i386, m68k, powerpc, sparc, source
php4             updates  4.0.3pl1-0potato3    alpha, i386, m68k, powerpc, sparc, source

DSA 115 - Broken boundary check and more

pine396-diffs  stable   5  all
pine396-src    stable   3  all
pine4-diffs    stable   2  all
pine4-src      stable   1  all

These PINE packages contain security problems and the maintainer agrees that it would be best to remove them from the stable directory entirely. People who still want to use PINE should check the pine-tracker package.

pine: Bad url handling exploit

remove pine
remove pine396-diffs
remove pine396-src
remove pine4
remove pine4-diffs
remove pine4-src

samba-common  stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
samba-common  updates  2.0.7-5    alpha, arm, i386, m68k, powerpc, sparc
samba-doc     stable   2.0.7-3.4  all
samba-doc     updates  2.0.7-5    all
samba         stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
samba         updates  2.0.7-5    alpha, arm, i386, m68k, powerpc, sparc
smbclient     stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
smbclient     updates  2.0.7-5    alpha, arm, i386, m68k, powerpc, sparc
smbfs         stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
smbfs         updates  2.0.7-5    alpha, arm, i386, m68k, powerpc, sparc
swat          stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
swat          updates  2.0.7-5    alpha, arm, i386, m68k, powerpc, sparc

ChangeLog says:

* Permanently fix problem with NMU's being built against incorrect kernel interfaces (closes: #94380, #95015, #102226)

* add uploaders: header to control file

This upload most probably fixes the problem with the old alpha version not being able to run properly due to a bad build environment. This problem may be solved by a general change... may be... Steve Langasek should speak up...

He said:

Samba upstream takes advantage of the best system facilities (libc/kernel) available at compile time. Because Debian releases usually include a baseline kernel and an 'experimental' kernel, Eloy and I have introduced packaging code in unstable that prevents Samba from detecting facilities that it should not be compiled against. The 2.0.7-4 upload backports these packaging mods to potato, both correcting the problems with past alpha security NMUs and safeguarding against the possibility of future problems with security NMUs in potato.

New Changelog says (2.0.7-5):

* Add Build-Depends line; the previous upload was missing potentially important library linkage on some architectures.

* Fix debian/rules to use xxx-linux instead of xxx-linux-gnu; config.sub doesn't grok the latter, causing printing to break (closes: #127444)

According to Steve Langasek this version is fine and suited for stable.

sendmail-wide  stable   8.9.3+3.2W-20  alpha
sendmail-wide  stable   8.9.3+3.2W-23  i386, m68k, powerpc, sparc, source
sendmail-wide  updates  8.9.3+3.2W-23  alpha

Get alpha version back in sync

squid-cgi    stable   2.2.5-3.2  alpha, arm, i386, m68k, powerpc, sparc
squid-cgi    updates  2.2.5-4    alpha, arm, i386, m68k, powerpc, sparc
squidclient  stable   2.2.5-3.2  alpha, arm, i386, m68k, powerpc, sparc
squidclient  updates  2.2.5-4    alpha, arm, i386, m68k, powerpc, sparc
squid        stable   2.2.5-3.2  alpha, arm, i386, m68k, powerpc, sparc, source
squid        updates  2.2.5-4    alpha, arm, i386, m68k, powerpc, sparc, source

Upload to address the problems as identified in the 2.4 series.

o ftp://user@pass overflow: not vulnerable

o HTCP cannot be turned off if compiled in: not vulnerable, the Debian package has had the "turn off HTCP" patch for ages

o SNMP memory leak potential DOS: applied patch for squid 2.4.STABLE3

sudo  stable   1.6.2p2-2    alpha, arm, i386, m68k, powerpc, sparc
sudo  updates  1.6.2p2-2.1  alpha, arm, i386, m68k, powerpc, sparc

Security Upload, DSA 101

tkseti  stable   2.12-2  alpha, arm, i386, powerpc, sparc, source
tkseti  updates  2.12-2  m68k

Get m68k version back in sync

libsnmp4.1-dev  stable   4.1.1-2    alpha, arm, i386, m68k, powerpc, sparc
libsnmp4.1-dev  updates  4.1.1-2.2  alpha, arm, i386, m68k, powerpc, sparc
libsnmp4.1      stable   4.1.1-2    alpha, arm, i386, m68k, powerpc, sparc
libsnmp4.1      updates  4.1.1-2.2  alpha, arm, i386, m68k, powerpc, sparc
snmpd           stable   4.1.1-2    alpha, arm, i386, m68k, powerpc, sparc
snmpd           updates  4.1.1-2.2  alpha, arm, i386, m68k, powerpc, sparc
snmp            stable   4.1.1-2    alpha, arm, i386, m68k, powerpc, sparc
snmp            updates  4.1.1-2.2  alpha, arm, i386, m68k, powerpc, sparc
ucd-snmp        stable   4.1.1-2    source
ucd-snmp        updates  4.1.1-2.2  source

DSA 111 - Multiple vulnerabilities

uucp  stable   1.06.1-11potato1  alpha, arm, i386, m68k, powerpc, sparc
uucp  updates  1.06.1-11potato2  alpha, arm, i386, m68k, powerpc, sparc

Security Upload, DSA 079-2, uucp uid/gid access

wmtv  stable   0.6.5-2         alpha, arm, i386, m68k, powerpc
wmtv  stable   0.6.5-2.0.1     sparc
wmtv  updates  0.6.5-2potato2  alpha, arm, i386, m68k, powerpc, sparc

Security Upload, DSA 108, symlink vulnerability

xchat-common  stable   1.4.3-0.1    all
xchat-common  updates  1.4.3-1      all
xchat-gnome   stable   1.4.3-0.1    arm, i386, m68k, powerpc, sparc
xchat-gnome   stable   1.4.3-0.1.1  alpha
xchat-gnome   updates  1.4.3-1      alpha, arm, i386, m68k, powerpc, sparc
xchat-text    stable   1.4.3-0.1    arm, i386, m68k, powerpc, sparc
xchat-text    stable   1.4.3-0.1.1  alpha
xchat-text    updates  1.4.3-1      alpha, arm, i386, m68k, powerpc, sparc
xchat         stable   1.4.3-0.1    arm, i386, m68k, powerpc, sparc
xchat         stable   1.4.3-0.1.1  alpha
xchat         updates  1.4.3-1      alpha, arm, i386, m68k, powerpc, sparc

* Fixed "Xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability", (http://www.securityfocus.com/archive/1/249113); patch provided by upstream author, Peter Zelezny <zed@linux.com>.

DSA 099

xcin  stable   2.3.04-1           arm
xcin  stable   2.5.1.3-1          powerpc
xcin  stable   2.5.1.99.pre6.1-1  alpha
xcin  stable   2.5.2-1            i386, m68k, sparc
xcin  updates  2.5.2-1            alpha, arm, powerpc

Get versions back in sync

xmysqladmin  stable   1.0-5  m68k
xmysqladmin  stable   1.0-7  alpha, i386, powerpc, source
xmysqladmin  updates  1.0-7  m68k

Get m68k version back in sync

xsane  stable   0.50-5    alpha, arm, i386, m68k, powerpc, sparc, source
xsane  updates  0.50-5.1  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 118 - insecure temporary files

xtell  stable   1.91    alpha, arm, i386, m68k, powerpc, sparc, source
xtell  updates  1.91.2  alpha, arm, i386, m68k, powerpc, sparc, source

DSA 121 - several vulnerabilities

A couple of arch's missing for .2, but uploaded already

zmailer-ssl  stable   2.99.50.s19-2     alpha
zmailer-ssl  stable   2.99.51.52pre3-2  arm, i386, m68k, powerpc, sparc, source
zmailer-ssl  updates  2.99.51.52pre3-2  alpha

Get Alpha version back in sync

Need further investigation

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet.

photopc  stable   2.1-1   powerpc
photopc  stable   2.8-3   arm
photopc  stable   3.02-2  alpha, i386, sparc, source
photopc  updates  3.02-2  powerpc

Get versions in sync.


MISSING arm

unixcw  stable   1.1a-2  arm
unixcw  stable   1.1a-5  alpha, i386, source
unixcw  updates  1.1a-5  powerpc, sparc

Get package in sync through all architectures.


MISSING arm

Rejected packages

These packages don't meet the requirements.

dvi2ps-fontdata-a2n       stable   1.0-5  all
dvi2ps-fontdata-a2n       updates  1.0-7  all
dvi2ps-fontdata-bsr       stable   1.0-5  all
dvi2ps-fontdata-bsr       updates  1.0-7  all
dvi2ps-fontdata-ja        stable   1.0-5  all
dvi2ps-fontdata-ja        updates  1.0-7  all
dvi2ps-fontdata-n2a       stable   1.0-5  all
dvi2ps-fontdata-n2a       updates  1.0-7  all
dvi2ps-fontdata-ptexfake  stable   1.0-5  all
dvi2ps-fontdata-ptexfake  updates  1.0-7  all
dvi2ps-fontdata-rrs       stable   1.0-5  all
dvi2ps-fontdata-rrs       updates  1.0-7  all
dvi2ps-fontdata-rsp       stable   1.0-5  all
dvi2ps-fontdata-rsp       updates  1.0-7  all
dvi2ps-fontdata-tbank     stable   1.0-5  all
dvi2ps-fontdata-tbank     updates  1.0-7  all
dvi2ps-fontdata-three     stable   1.0-5  all
dvi2ps-fontdata-three     updates  1.0-7  all

Misplaced upload to 'stable unstable'

efingerd  stable   1.3    alpha, arm, i386, m68k, powerpc, sparc, source
efingerd  updates  1.3.2  alpha, arm, i386, m68k, powerpc, sparc, source

Alleged security update, .1 and .2 are broken, though.

Joey is discussing the issue with the maintainer.

jtex-base  stable   1.8-6  all, source
jtex-base  updates  1.8-7  all, source

Misplaced upload, stable+unstable

rsync  stable   2.3.2-1.2  alpha, arm, i386, m68k, powerpc, sparc
rsync  updates  2.3.2-1.3  alpha, arm, i386, m68k, powerpc, sparc

DSA 106

Broken packages, hence rejecting

Disclaimer

This list intends to help the ftp-masters releasing 2.2r6. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>.
Last updated 2002/04/03 09:36 MET