Preparation of Debian GNU/Linux 3.0r2

An up-to-date version is at http://master.debian.org/~joey/3.0r2/.

I am preparing the second revision of the current stable Debian distribution (woody) and will infrequently send reports so people can actually comment on it and intervene whenever this is required.

If you disagree with one bit or another, please reply to this mail and explain why these things should be handled differently. There is still time to reconsider.

The plan is to release this revision at some time in the future. An ftpmaster still has to give the final approval for each package since they are responsible for the archive. However, I will try to make their work as easy as possible in the hope to get the next revision out properly.

The regulations for stable are quite conservative. The requirements for packages to get into stable are:

1. The package fixes a security problem. An advisory by our own Security Team is required. Updates need to be approved by the security team.

2. The package fixes a critical bug which can lead into data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore).

3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts.

4. All released architectures have to be in sync.

5. If it is a kernel package, I can detect a similar amount of packages to remove, preferably older versions of the new packages.

It is ((1 OR 2 OR 3) AND 4) OR 5

Regular bugs and upgrade problems don't get fixed in new revisions for the stable distribution. They should instead be documented in the Release Notes which are maintained by Rob Bradford <mailto:robster@debian.org> and are found at http://www.debian.org/releases/woody/releasenotes.

Packages, which will most probably be rejected:

. Packages that fix non-critical bugs.

. Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or `frozen unstable' or similar.

. Packages for which its binary packages are out of sync with regard to all supported architectures in the stable distribution.

. Binary packages for which the source got lost somehow.

Accepted Packages

These packages will be installed into the stable Debian distribution and will be part of the next revision.

acmstable5.0-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
acmupdates5.0-3.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 333 - integer overflow

apcupsdstable3.8.5-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
apcupsdupdates3.8.5-1.1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 277 - buffer overflows, format string

aspell-enstable0.33.7.1-8alpha arm hppa i386 ia64 m68k powerpc s390 sparc
aspellstable0.33.7.1-8alpha arm hppa i386 ia64 m68k powerpc s390 sparc source
libaspell-devstable0.33.7.1-8alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libaspell10stable0.33.7.1-8alpha arm hppa i386 ia64 m68k powerpc s390 sparc

The license incorrectly says that it's LGPL but it is in fact a unique license which is non-DFSG-free.

atftpdstable0.6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
atftpdupdates0.6.0woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
atftpstable0.6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
atftpupdates0.6.0woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 314 - buffer overflow

autorespondstable2.0.2-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
autorespondupdates2.0.2-2woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 373 - buffer overflow

balsastable1.2.4-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
balsaupdates1.2.4-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 300 - buffer overflow

bind-devstable1:8.3.3-0.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bind-devupdates1:8.3.3-2.0woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bind-docstable1:8.3.3-0.woody.1all
bind-docupdates1:8.3.3-2.0woody1all
bindstable1:8.3.3-0.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
bindupdates1:8.3.3-2.0woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 196 - several vulnerabilities

bugzilla-docstable2.14.2-0woody2all
bugzilla-docupdates2.14.2-0woody4all
bugzillastable2.14.2-0woody2all source
bugzillaupdates2.14.2-0woody4all source

DSA 230 - insecure permissions, spurious backup files

canna-utilsstable3.5b2-46alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
canna-utilsupdates3.5b2-46.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cannastable3.5b2-46alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
cannaupdates3.5b2-46.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libcanna1g-devstable3.5b2-46alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libcanna1g-devupdates3.5b2-46.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libcanna1gstable3.5b2-46alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libcanna1gupdates3.5b2-46.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 224 - buffer overflow and more

colrconvstable0.99.2-8alpha i386 source
colrconvupdates0.99.2-8arm hppa ia64 m68k mips mipsel powerpc s390 sparc

Bring architectures back in sync

console-datastable1999.08.29-24all source
console-dataupdates1999.08.29-24.2all source

* Add keymaps for sunt5-uk, sunt6-uk. Required for systems with these keyboards to boot. Closes: #190745.

* Fix depends to work properly on woody. Closes: #201659.

Alastair McKinstry: The sunt5-uk support was in boot-floppies on Woody 3.0; it appears from the boot-floppies logs that you could select it; once the system rebooted however, it would be broken. sunt6-uk is not in boot-floppies. You have to select it after booting. (British and American keyboards are close enough that you can boot American and fix the keyboard afterwards, when console-common runs.)

Rendering freshly installed machines unbootable is bad...

cupsys-bsdstable1.1.14-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cupsys-bsdupdates1.1.14-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cupsys-clientstable1.1.14-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cupsys-clientupdates1.1.14-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cupsys-pstorasterstable1.1.14-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cupsys-pstorasterupdates1.1.14-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cupsysstable1.1.14-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
cupsysupdates1.1.14-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libcupsys2-devstable1.1.14-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libcupsys2-devupdates1.1.14-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libcupsys2stable1.1.14-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libcupsys2updates1.1.14-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 317 - denial of service

cvsstable1.11.1p1debian-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
cvsupdates1.11.1p1debian-8.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 233 - doubly freed memory

cyrus-adminstable1.5.19-9alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-adminupdates1.5.19-9.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-commonstable1.5.19-9alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-commonupdates1.5.19-9.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-devstable1.5.19-9alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-devupdates1.5.19-9.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-imapdstable1.5.19-9alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
cyrus-imapdupdates1.5.19-9.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
cyrus-nntpstable1.5.19-9alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-nntpupdates1.5.19-9.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-pop3dstable1.5.19-9alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
cyrus-pop3dupdates1.5.19-9.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 215 - buffer overflow

cyrus-sasl2stable2.1.2-2source
libsasl2-devstable2.1.2-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsasl2-digestmd5-plainstable2.1.2-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsasl2-modules-plainstable2.1.2-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsasl2stable2.1.2-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
sasl2-binstable2.1.2-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

The library has some minor security problems and according to the maintainer some other problems as well, i.e. it could not work with software in testing/unstable which requires it either. All of the SASL-using software in stable uses cyrus-sasl, not cyrus-sasl2.

dbishellstable0.8.9-2all source
dbishellupdates0.8.9-2woody1all source

Workaround xterm feature disabled in DSA 380-1 that we used. Without this change, we lose the ability to run inside xterms after DSA 380-1 is dealt with on a system.

ddskkstable11.6.rel.0-2all source
ddskkupdates11.6.rel.0-2woody1all source

DSA 343 - insecure temporary file

debianutilsstable1.16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
debianutilsupdates1.16.2woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Backport for woody. closes: #172200.

* Backport of Ian Zimmerman's run-parts program output loss patch, which fixes zombie problem. closes: #184710.

There is a race condition with the receiving of SIGCHLD before select is called.

1.16.1woody0 consumed infinite CPU power. It should be fixed in 1.16.2woody0 which happens to be just another version from sid recompiled. That's a reason to delay it alone, this requires testing!

dhcp3-clientstable3.0+3.0.1rc9-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-clientupdates3.0+3.0.1rc9-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-commonstable3.0+3.0.1rc9-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-commonupdates3.0+3.0.1rc9-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-devstable3.0+3.0.1rc9-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-devupdates3.0+3.0.1rc9-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-relaystable3.0+3.0.1rc9-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-relayupdates3.0+3.0.1rc9-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-serverstable3.0+3.0.1rc9-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3-serverupdates3.0+3.0.1rc9-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dhcp3stable3.0+3.0.1rc9-2source
dhcp3updates3.0+3.0.1rc9-2.2source

DSA 245 - ignored counter boundary

DSA 231 - stack overflows

dietlibc-devstable0.12-2.4alpha arm i386 mips mipsel powerpc sparc
dietlibc-devupdates0.12-2.5alpha arm i386 mips mipsel powerpc sparc
dietlibc-docstable0.12-2.4all
dietlibc-docupdates0.12-2.5all
dietlibcstable0.12-2.4source
dietlibcupdates0.12-2.5source

DSA 272 - integer overflow

dwwwstable1.7.6.woody.1alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
dwwwupdates1.7.6.woody.1arm
realpathstable1.7.6.woody.1alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
realpathupdates1.7.6.woody.1arm

Get architectures in sync

ecartis-cgistable0.129a+1.0.0-snap20020514-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ecartis-cgiupdates0.129a+1.0.0-snap20020514-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ecartisstable0.129a+1.0.0-snap20020514-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
ecartisupdates0.129a+1.0.0-snap20020514-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 271 - unauthorized password change

eldavstable0.0.20020411-1all source
eldavupdates0.0.20020411-1woody1all source

DSA 325 - insecure temporary file

epicstable3.004-17alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
epicupdates3.004-17.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 287 - buffer overflows

epic4stable1:1.1.2.20020219-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
epic4updates1:1.1.2.20020219-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 298 - buffer overflows

DSA 399 - buffer overflow

eroasterstable2.1.0.0.3-2all source
eroasterupdates2.1.0.0.3-2woody1all source

DSA 366 - insecure temporary file

etermstable0.9.2-0pre2002042903alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
etermupdates0.9.2-0pre2002042903.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 309 - buffer overflow

ethereal-commonstable0.9.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ethereal-commonupdates0.9.4-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ethereal-devstable0.9.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ethereal-devupdates0.9.4-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
etherealstable0.9.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
etherealupdates0.9.4-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
tetherealstable0.9.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
tetherealupdates0.9.4-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 258 - format string vulnerability

DSA 313 - buffer overflows, integer overflows

DSA 324 - several vulnerabilities

eximonstable3.35-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
eximonupdates3.35-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
eximstable3.35-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
eximupdates3.35-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 376 - buffer overflow

exim-tlsstable3.35-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
exim-tlsupdates3.35-3woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 376 - buffer overflow

falconseye-datastable1.9.3-7all
falconseye-dataupdates1.9.3-7woody3all
falconseyestable1.9.3-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
falconseyeupdates1.9.3-7woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 350 - buffer overflow

fdclonestable2.00a-1alpha arm hppa i386 m68k powerpc s390 sparc source
fdcloneupdates2.00a-1woody3alpha arm hppa i386 m68k powerpc s390 sparc source

DSA 352 - insecure temporary directory

fetchmail-commonstable5.9.11-6.1all
fetchmail-commonupdates5.9.11-6.2all
fetchmailconfstable5.9.11-6.1all
fetchmailconfupdates5.9.11-6.2all
fetchmailstable5.9.11-6.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
fetchmailupdates5.9.11-6.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 216 - buffer overflow

fetchmail-sslstable5.9.11-6.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
fetchmail-sslupdates5.9.11-6.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 216 - buffer overflow

filestable3.37-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
fileupdates3.37-3.1.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 260 - buffer overflow

ftape-toolsstable1:1.09.2001.08.13-0.3source
ftape-utilstable1:1.09.2001.08.13-0.3arm i386
ftape-utilupdates1:1.09.2001.08.13-0.3alpha

Get architectures more in sync

fuzzstable0.6-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
fuzzupdates0.6-6woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 302 - privilege escalation

gallerystable1.2.5-7.woody.0all source
galleryupdates1.2.5-8woody1all source

DSA 355 - cross-site scripting

glibc-docstable2.2.5-11.2all
glibc-docupdates2.2.5-11.5all
glibcstable2.2.5-11.2source
glibcupdates2.2.5-11.5source
libc6-dbgstable2.2.5-11.2arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-dbgupdates2.2.5-11.5arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-dev-sparc64stable2.2.5-11.2sparc
libc6-dev-sparc64updates2.2.5-11.5sparc
libc6-devstable2.2.5-11.2arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-devupdates2.2.5-11.5arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-picstable2.2.5-11.2arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-picupdates2.2.5-11.5arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-profstable2.2.5-11.2arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-profupdates2.2.5-11.5arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6-sparc64stable2.2.5-11.2sparc
libc6-sparc64updates2.2.5-11.5sparc
libc6.1-dbgstable2.2.5-11.2alpha ia64
libc6.1-dbgupdates2.2.5-11.5alpha ia64
libc6.1-devstable2.2.5-11.2alpha ia64
libc6.1-devupdates2.2.5-11.5alpha ia64
libc6.1-picstable2.2.5-11.2alpha ia64
libc6.1-picupdates2.2.5-11.5alpha ia64
libc6.1-profstable2.2.5-11.2alpha ia64
libc6.1-profupdates2.2.5-11.5alpha ia64
libc6.1stable2.2.5-11.2alpha ia64
libc6.1updates2.2.5-11.5alpha ia64
libc6stable2.2.5-11.2arm hppa i386 m68k mips mipsel powerpc s390 sparc
libc6updates2.2.5-11.5arm hppa i386 m68k mips mipsel powerpc s390 sparc
localesstable2.2.5-11.2all
localesupdates2.2.5-11.5all
nscdstable2.2.5-11.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nscdupdates2.2.5-11.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 282 - integer overflow

gnocatan-clientstable0.6.1-5alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
gnocatan-clientstable0.6.1-5.0.1hppa
gnocatan-clientupdates0.6.1-5woody2alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
gnocatan-datastable0.6.1-5all
gnocatan-dataupdates0.6.1-5woody2all
gnocatan-helpstable0.6.1-5all
gnocatan-helpupdates0.6.1-5woody2all
gnocatan-serverstable0.6.1-5alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
gnocatan-serverstable0.6.1-5.0.1hppa
gnocatan-serverupdates0.6.1-5woody2alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
gnocatanstable0.6.1-5source
gnocatanupdates0.6.1-5woody2source

DSA 315 - buffer overflows, denial of service

gnupgstable1.0.6-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
gnupgupdates1.0.6-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

Upstream security fix and compatibility with more recent keyrings. This update is required to use recent Debian keyrings with Debian stable.

gopherdstable3.0.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
gopherdupdates3.0.3woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
gopherstable3.0.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
gopherupdates3.0.3woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 387 - buffer overflows

gs-commonstable0.3.3all source
gs-commonupdates0.3.3.0woody1all source

DSA 286 - insecure temporary file

gzipstable1.3.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
gzipupdates1.3.2-3woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 308 - insecure temporary files

hylafax-clientstable1:4.1.1-1.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
hylafax-clientupdates1:4.1.1-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
hylafax-docstable1:4.1.1-1.1all
hylafax-docupdates1:4.1.1-3all
hylafax-serverstable1:4.1.1-1.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
hylafax-serverupdates1:4.1.1-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
hylafaxstable1:4.1.1-1.1source
hylafaxupdates1:4.1.1-3source

* NMU by Giuseppe Sacco (rejected)

* The ghostscript fonts where looked for among many directories. If some of these directories wasn't existing then a message was written for each of them. Now the message is printed only if all directories are missing (Closes: #146874)

* fixed the way configure looks for awk. (Closes: #153488)

* Added g++ as build dep.

DSA 401 - format strings

hypermailstable2.1.3-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
hypermailupdates2.1.3-2.0alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 248 - buffer overflows

illuminator-demostable0.3.2-1.woody.2alpha i386 mips mipsel powerpc s390 sparc
illuminator-demoupdates0.3.2-1.woody.2ia64
illuminator-devstable0.3.2-1.woody.2alpha i386 mips mipsel powerpc s390 sparc
illuminator-devupdates0.3.2-1.woody.2ia64
illuminator-docstable0.3.2-1.woody.2all
illuminator0stable0.3.2-1.woody.2alpha i386 mips mipsel powerpc s390 sparc
illuminator0updates0.3.2-1.woody.2ia64
illuminatorstable0.3.2-1.woody.2source

Sync architectures

imagemagickstable4:5.4.4.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
imagemagickupdates4:5.4.4.5-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libmagick++5-devstable4:5.4.4.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick++5-devupdates4:5.4.4.5-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick++5stable4:5.4.4.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick++5updates4:5.4.4.5-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick5-devstable4:5.4.4.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick5-devupdates4:5.4.4.5-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick5stable4:5.4.4.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmagick5updates4:5.4.4.5-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perlmagickstable4:5.4.4.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perlmagickupdates4:5.4.4.5-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 331 - insecure temporary file

impstable3:2.2.6-5all source
impupdates3:2.2.6-5.2all source

DSA 229 - SQL injection

intlfontsstable1.2-2.1source
intlfontsupdates1.2.1-0.woody.1source
xfonts-intl-arabicstable1.2-2.1all
xfonts-intl-arabicupdates1.2.1-0.woody.1all
xfonts-intl-asianstable1.2-2.1all
xfonts-intl-asianupdates1.2.1-0.woody.1all
xfonts-intl-chinese-bigstable1.2-2.1all
xfonts-intl-chinese-bigupdates1.2.1-0.woody.1all
xfonts-intl-chinesestable1.2-2.1all
xfonts-intl-chineseupdates1.2.1-0.woody.1all
xfonts-intl-europeanstable1.2-2.1all
xfonts-intl-europeanupdates1.2.1-0.woody.1all
xfonts-intl-japanese-bigstable1.2-2.1all
xfonts-intl-japanese-bigupdates1.2.1-0.woody.1all
xfonts-intl-japanesestable1.2-2.1all
xfonts-intl-japaneseupdates1.2.1-0.woody.1all
xfonts-intl-phoneticstable1.2-2.1all
xfonts-intl-phoneticupdates1.2.1-0.woody.1all

New upstream release, backported to woody. It fixes the licensing problem with Japanese big fonts that we are not allowed to distribute.

New upstream source is required since the orig.tar.gz needs to be altered which would not be possible with the same version. *sigh*

ipmasqstable3.5.10all source
ipmasqupdates3.5.10call source

DSA 389 - insecure packet filtering rules

bitchx-devstable1:1.0-0c19-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchx-devupdates1:1.0-0c19-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchx-gtkstable1:1.0-0c19-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchx-gtkupdates1:1.0-0c19-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchx-sslstable1:1.0-0c19-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchx-sslupdates1:1.0-0c19-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchxstable1:1.0-0c19-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bitchxupdates1:1.0-0c19-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ircii-panastable1:1.0-0c19-1source
ircii-panaupdates1:1.0-0c19-1.1source

DSA 306 - buffer overflows, integer overflow

jigdo-filestable0.6.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
jigdo-fileupdates0.6.5-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
jigdostable0.6.5-1source
jigdoupdates0.6.5-2source

Backported some changes from 0.6.8 to stable so the tool works well with current cdimage archives (or rather .template files). It also fixes a bug with wrong files downloaded when the filename is the same but the path isn't.

jnethackstable1.1.5-11alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
jnethackupdates1.1.5-11woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 316 - buffer overflow, incorrect permissions

katestable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kateupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebase-audiolibsstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebase-audiolibsupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebase-devstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebase-devupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebase-docstable4:2.2.2-14all
kdebase-docupdates4:2.2.2-14.7all
kdebase-libsstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebase-libsupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdebasestable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
kdebaseupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
kdewallpapersstable4:2.2.2-14all
kdewallpapersupdates4:2.2.2-14.7all
kdmstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdmupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
konquerorstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
konquerorupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
konsolestable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
konsoleupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kscreensaverstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kscreensaverupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkonq-devstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkonq-devupdates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkonq3stable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkonq3updates4:2.2.2-14.7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 296 - insecure execution

DSA 388 - several vulnerabilities

kamerastable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kameraupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kcoloreditstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kcoloreditupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdegraphicsstable4:2.2.2-6.8source
kdegraphicsupdates4:2.2.2-6.11source
kfractstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kfractupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kghostviewstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kghostviewupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kiconeditstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kiconeditupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kookastable4:2.2.2-6.8alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
kookaupdates4:2.2.2-6.11alpha i386 ia64 m68k mips mipsel powerpc s390 sparc
kpaintstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kpaintupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krulerstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krulerupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ksnapshotstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ksnapshotupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kviewstable4:2.2.2-6.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kviewupdates4:2.2.2-6.11alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkscan-devstable4:2.2.2-6.8alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
libkscan-devupdates4:2.2.2-6.11alpha i386 ia64 m68k mips mipsel powerpc s390 sparc
libkscan1stable4:2.2.2-6.8alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
libkscan1updates4:2.2.2-6.11alpha i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 284 - insecure execution

kdelibs-devstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs-devupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3-binstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3-binupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3-cupsstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3-cupsupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3-docstable4:2.2.2-13.woody.5all
kdelibs3-docupdates4:2.2.2-13.woody.8all
kdelibs3stable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3updates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibsstable4:2.2.2-13.woody.5source
kdelibsupdates4:2.2.2-13.woody.8source
libarts-alsastable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libarts-alsaupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libarts-devstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libarts-devupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libartsstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libartsupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkmid-alsastable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkmid-alsaupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkmid-devstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkmid-devupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkmidstable4:2.2.2-13.woody.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkmidupdates4:2.2.2-13.woody.8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 293 - insecure execution

DSA 361 - several vulnerabilities

kdelibs-cryptostable4:2.2.2-6source
kdelibs-cryptoupdates4:2.2.2-6woody2source
kdelibs3-cryptostable4:2.2.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdelibs3-cryptoupdates4:2.2.2-6woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 361 - several vulnerabilities

kdenetworkstable4:2.2.2-14source
kdenetworkupdates4:2.2.2-14.6source
kdictstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdictupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
kitstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kitupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
klisastable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
klisaupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
kmailstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kmailupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
knewstickerstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
knewstickerupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
knodestable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
knodeupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
kornstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kornupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
kpppstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kpppupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
ksircstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ksircupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
ktalkdstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ktalkdupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
libkdenetwork1stable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkdenetwork1updates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
libmimelib-devstable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmimelib-devupdates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc
libmimelib1stable4:2.2.2-14alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmimelib1updates4:2.2.2-14.6alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc

DSA 237 - several vulnerabilities

kapptemplatestable2.2.2-3all
kapptemplateupdates2.2.2-3.2all
kbabel-devstable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kbabel-devupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kbabelstable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kbabelupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kdepalettesstable2.2.2-3all
kdepalettesupdates2.2.2-3.2all
kdesdk-docstable2.2.2-3all
kdesdk-docupdates2.2.2-3.2all
kdesdk-scriptsstable2.2.2-3all
kdesdk-scriptsupdates2.2.2-3.2all
kdesdkstable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
kdesdkupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
kexamplestable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kexampleupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kmtracestable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kmtraceupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kspystable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kspyupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kstartperfstable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
kstartperfupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
poxmlstable2.2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
poxmlupdates2.2.2-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 239 - several vulnerabilities

kernel-headers-2.2.20-compactstable2.2.20-5i386
kernel-headers-2.2.20-compactupdates2.2.20-5woody3i386
kernel-headers-2.2.20-idepcistable2.2.20-5i386
kernel-headers-2.2.20-idepciupdates2.2.20-5woody3i386
kernel-headers-2.2.20stable2.2.20-5i386
kernel-headers-2.2.20updates2.2.20-5woody3i386
kernel-image-2.2.20-compactstable2.2.20-5i386
kernel-image-2.2.20-compactupdates2.2.20-5woody3i386
kernel-image-2.2.20-i386stable2.2.20-5source
kernel-image-2.2.20-i386updates2.2.20-5woody3source
kernel-image-2.2.20-idepcistable2.2.20-5i386
kernel-image-2.2.20-idepciupdates2.2.20-5woody3i386
kernel-image-2.2.20stable2.2.20-5i386
kernel-image-2.2.20updates2.2.20-5woody3i386

DSA 336 - several vulnerabilities

kernel-headers-2.4.17stable2.4.17-2.woody.1.1s390
kernel-headers-2.4.17updates2.4.17-2.woody.2.2s390
kernel-image-2.4.17-s390stable2.4.17-2.woody.1.1s390 source
kernel-image-2.4.17-s390updates2.4.17-2.woody.2.2s390 source

DSA 276 - local privilege escalation

kernel-headers-2.4.17stable2.4.17-0.020226.2mips mipsel
kernel-headers-2.4.17updates2.4.17-0.020226.2.woody2mips mipsel
kernel-image-2.4.17-r3k-kn02stable2.4.17-0.020226.2mipsel
kernel-image-2.4.17-r3k-kn02updates2.4.17-0.020226.2.woody2mipsel
kernel-image-2.4.17-r4k-ip22stable2.4.17-0.020226.2mips
kernel-image-2.4.17-r4k-ip22updates2.4.17-0.020226.2.woody2mips
kernel-image-2.4.17-r4k-kn04stable2.4.17-0.020226.2mipsel
kernel-image-2.4.17-r4k-kn04updates2.4.17-0.020226.2.woody2mipsel
kernel-image-2.4.17-r5k-ip22stable2.4.17-0.020226.2mips
kernel-image-2.4.17-r5k-ip22updates2.4.17-0.020226.2.woody2mips
kernel-patch-2.4.17-mipsstable2.4.17-0.020226.1all source
kernel-patch-2.4.17-mipsupdates2.4.17-0.020226.2.woody2all source
mips-toolsstable2.4.17-0.020226.2mipsel
mips-toolsstable2.4.19-0.020911.1.woody0mips
mips-toolsupdates2.4.17-0.020226.2.woody2mipsel
mips-toolsupdates2.4.19-0.020911.1.woody1mips

DSA 270 - local privilege escalation

kernel-patch-2.4.17-s390stable0.0.20020816-0.woody.1all source
kernel-patch-2.4.17-s390updates0.0.20020816-0.woody.1.1all source

DSA 276 - local privilege escalation

kernel-headers-2.4.18stable2.4.18-1powerpc
kernel-headers-2.4.18updates2.4.18-1woody1powerpc
kernel-image-2.4.18-newpmacstable2.4.18-1powerpc
kernel-image-2.4.18-newpmacupdates2.4.18-1woody1powerpc
kernel-image-2.4.18-powerpc-smpstable2.4.18-1powerpc
kernel-image-2.4.18-powerpc-smpupdates2.4.18-1woody1powerpc
kernel-image-2.4.18-powerpcstable2.4.18-1powerpc
kernel-image-2.4.18-powerpcupdates2.4.18-1woody1powerpc
kernel-patch-2.4.18-powerpcstable2.4.18-1all source
kernel-patch-2.4.18-powerpcupdates2.4.18-1woody1all source

DSA 312 - several vulnerabilities

kernel-headers-2.4.19stable2.4.19-0.020911.1.woody0mips
kernel-headers-2.4.19updates2.4.19-0.020911.1.woody1mips
kernel-image-2.4.19-r4k-ip22stable2.4.19-0.020911.1.woody0mips
kernel-image-2.4.19-r4k-ip22updates2.4.19-0.020911.1.woody1mips
kernel-image-2.4.19-r5k-ip22stable2.4.19-0.020911.1.woody0mips
kernel-image-2.4.19-r5k-ip22updates2.4.19-0.020911.1.woody1mips
kernel-patch-2.4.19-mipsstable2.4.19-0.020911.1.woody0all source
kernel-patch-2.4.19-mipsupdates2.4.19-0.020911.1.woody1all source
mips-toolsstable2.4.19-0.020911.1.woody0mips
mips-toolsupdates2.4.19-0.020911.1.woody1mips

DSA 270 - local privilege escalation

kernel-doc-2.4.17stable2.4.17-1all
kernel-doc-2.4.17updates2.4.17-1woody1all
kernel-source-2.4.17stable2.4.17-1all source
kernel-source-2.4.17updates2.4.17-1woody1all source
mkcramfsstable2.4.17-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mkcramfsupdates2.4.17-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 332 - several vulnerabilities

kernel-doc-2.4.18stable2.4.18-5all
kernel-doc-2.4.18updates2.4.18-13all
kernel-source-2.4.18stable2.4.18-5all source
kernel-source-2.4.18updates2.4.18-13all source

DSA 358 - several vulnerabilities

krb5-admin-serverstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-admin-serverupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-clientsstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-clientsupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-docstable1.2.4-5woody3all
krb5-docupdates1.2.4-5woody4all
krb5-ftpdstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-ftpdupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-kdcstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-kdcupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-rsh-serverstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-rsh-serverupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-telnetdstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-telnetdupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-userstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5-userupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
krb5stable1.2.4-5woody3source
krb5updates1.2.4-5woody4source
libkadm55stable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkadm55updates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkrb5-devstable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkrb5-devupdates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkrb53stable1.2.4-5woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libkrb53updates1.2.4-5woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 266 - several vulnerabilities

leksbotstable1.2-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
leksbotupdates1.2-3.1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 299 - improper setuid-root execution

libdbd-mysql-perlstable1.2216-2arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libdbd-mysql-perlstable1.2216-2.0.1alpha
libdbd-mysql-perlupdates1.2216-2.0.1ia64

* Binary-only non-maintainer upload for ia64; no source changes.

* Rebuild for ia64: Closes: #191552

TODO: Find out if it works, the bug submitter fell silent

RaphaŽl Hertzog said: It works. I gave the package to at least another person who had the same problem and he never mailed me to say that it doesn't solve his problem.

liblocale-gettext-perlstable1.01-11alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
liblocale-gettext-perlupdates1.01-11a.woodyalpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* The bugs #156381 is also in the stable version of the package. Since it renders basic packages like debconf unusable when it's installed, I'm providing this updated package to fix it.

* Added the include <libintl.h> in the .xs file this time.

* Really stupid version number to have a version number lower than 1.01-11bis which is in unstable...

The bug report demonstrates that this problem may render an entire installation/upgrade broken. Hence, an update is required.

libmailtools-perlstable1.44-1all source
libmailtools-perlupdates1.44-1woody2all source
mailtoolsstable1.44-1all
mailtoolsupdates1.44-1woody2all

DSA 386 - input validation bug

libpam-smbstable1.1.6-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libpam-smbupdates1.1.6-1.1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 374 - buffer overflow

libparagui1.0-devstable0.1.0-1arm hppa i386 m68k mips mipsel powerpc s390
libparagui1.0-devupdates0.1.0-1sparc
libparagui1.0stable0.1.0-1arm hppa i386 m68k mips mipsel powerpc s390 source
libparagui1.0updates0.1.0-1sparc
paragui-themesstable0.1.0-1arm hppa i386 m68k mips mipsel powerpc s390
paragui-themesupdates0.1.0-1sparc

Get architectures more in sync

libphp-adodbstable1.51-1all source
libphp-adodbupdates1.51-1.1all source

* Fix GetUpdateSQL() function problem. (Closes: #177332) Old function will update all datasets in the table, because the where statement wasn't created correctly.

This fixes potential data loss since no WHERE clause would be appended to an SQL query.

libpng2-devstable1.0.12-3.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpng2-devupdates1.0.12-3.woody.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpng2stable1.0.12-3.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpng2updates1.0.12-3.woody.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpngstable1.0.12-3.woody.2source
libpngupdates1.0.12-3.woody.3source

DSA 140 - buffer overflow

libpng-devstable1.2.1-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpng-devupdates1.2.1-1.1.woody.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpng3stable1.2.1-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libpng3updates1.2.1-1.1.woody.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 140 - buffer overflow

libprinterconf-devstable0.4-2alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
libprinterconf-devupdates0.5-4.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libprinterconf0stable0.4-2alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
libprinterconf0updates0.5-4.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libprinterconfstable0.4-2source
libprinterconfupdates0.5-4.woody.2source
pconf-detectstable0.4-2alpha arm i386 ia64 m68k mips mipsel powerpc s390 sparc
pconf-detectupdates0.5-4.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

Due to a maintainer bug the package libsnmpkit1 did not only contain libsnmpkit2.so.* but also lacked the libsnmpkit2.so link. Hence, it's not exactly usable in woody. In turn this renders packages like pconf-detect, gnulpr and printtool useless.

liece-dccstable2.0+0.20020217cvs-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
liece-dccupdates2.0+0.20020217cvs-2.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
liecestable2.0+0.20020217cvs-2all source
lieceupdates2.0+0.20020217cvs-2.1all source

DSA 341 - insecure temporary file

lprng-docstable3.8.10-1all
lprng-docupdates3.8.10-1.2all
lprngstable3.8.10-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
lprngupdates3.8.10-1.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 285 - insecure temporary file

lvstable4.49.4-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
lvupdates4.49.4-7woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 304 - privilege escalation

lyskom-serverstable2.0.6-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
lyskom-serverupdates2.0.6-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 318 - denial of service

mah-jongstable1.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
mah-jongupdates1.4-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 378 - buffer overflows, denial of service

man-dbstable2.3.20-18alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
man-dbupdates2.3.20-18.woody.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 364 - buffer overflows, arbitrary command execution

marblesstable1.0.2-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
marblesupdates1.0.2-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 390 - buffer overflow

mhc-utilsstable0.25+20010625-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mhc-utilsupdates0.25+20010625-7.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mhcstable0.25+20010625-7all source
mhcupdates0.25+20010625-7.1all source

DSA 256 - insecure temporary file

mhonarcstable2.5.2-1.2all source
mhonarcupdates2.5.2-1.3all source

DSA 221 - cross site scripting

micqstable0.4.9-0woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
micqupdates0.4.9-0woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

0.4.9-0woody3: DSA 211 - denial of service

Any version: Serious copyright violation, hence, removing. It's been removed from unstable and testing already. See Bug#167606 and Bug#194784

mikmodstable3.1.6-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
mikmodupdates3.1.6-4woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 320 - buffer overflow

mime-supportstable3.18-1all source
mime-supportupdates3.18-1.3all source

DSA 292 - insecure temporary file creation

mindistable0.58.r5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
mindiupdates0.58.r5-1woody1i386 source

DSA 362 - insecure temporary file

mindi is i386-centric since it uses lilo. It was only accidently set to arch=any

minimaliststable2.2-3all source
minimalistupdates2.2-4all source

DSA 402 - unsanitised input

moxftpstable2.2-18source
moxftpupdates2.2-18.1source
xftpstable2.2-18alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xftpupdates2.2-18.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 281 - buffer overflow

mozart-contribstable1.2.3.20011204-3i386 m68k powerpc sparc
mozart-contribupdates1.2.3.20011204-3woody1i386 m68k powerpc sparc
mozart-doc-htmlstable1.2.3.20011204-3all
mozart-doc-htmlupdates1.2.3.20011204-3woody1all
mozartstable1.2.3.20011204-3i386 m68k powerpc sparc source
mozartupdates1.2.3.20011204-3woody1i386 m68k powerpc sparc source

DSA 342 - unsafe mailcap configuration

muttstable1.3.28-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
muttupdates1.3.28-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
mutt-utf8stable1.3.28-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mutt-utf8updates1.3.28-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 268 - buffer overflow

DSA 274 - buffer overflow

nano-tinystable1.0.6-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nano-tinyupdates1.0.6-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nano-udebupdates1.0.6-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nanostable1.0.6-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
nanoupdates1.0.6-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* nano.c: hardcode a --disable-wrapping-as-root backport to the stable version. If, as root, you want to enable wrapping, use the Meta-W toggle to enable it after starting nano (fixes: #127634 + 5 more).

This fixes a very annoying misfeature in the boot-floppies editor that should be adjusted.

libnetpbm9-devstable2:9.20-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libnetpbm9-devupdates2:9.20-8.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libnetpbm9stable2:9.20-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libnetpbm9updates2:9.20-8.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
netpbm-freestable2:9.20-8source
netpbm-freeupdates2:9.20-8.2source
netpbmstable2:9.20-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
netpbmupdates2:9.20-8.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 263 - math overflow errors

netrisstable0.5-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
netrisupdates0.5-4woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 372 - buffer overflow

nfs-commonstable1:1.0-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nfs-commonupdates1:1.0-2woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nfs-kernel-serverstable1:1.0-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nfs-kernel-serverupdates1:1.0-2woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nfs-utilsstable1:1.0-2source
nfs-utilsupdates1:1.0-2woody1source
nhfsstonestable1:1.0-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nhfsstoneupdates1:1.0-2woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 349 - buffer overflow

nodestable0.3.0a-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
nodeupdates0.3.0a-2woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 375 - buffer overflow, format string

nowebmstable2.9a-7.1alpha arm i386 m68k mips mipsel powerpc s390 sparc
nowebmupdates2.9a-7.3alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
nowebstable2.9a-7.1source
nowebupdates2.9a-7.3source

DSA 323 - insecure temporary files

omega-rpgstable1:0.90-pa9-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
omega-rpgupdates1:0.90-pa9-7woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 400 - buffer overflow

ldap-gatewaysstable2.0.23-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ldap-gatewaysupdates2.0.23-6.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ldap-utilsstable2.0.23-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ldap-utilsupdates2.0.23-6.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libldap2-devstable2.0.23-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libldap2-devupdates2.0.23-6.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libldap2stable2.0.23-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libldap2updates2.0.23-6.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
openldap2stable2.0.23-6source
openldap2updates2.0.23-6.3source
slapdstable2.0.23-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
slapdupdates2.0.23-6.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 227 - buffer overflows and other bugs

opensshstable1:3.4p1-1source
opensshupdates1:3.4p1-1.woody.3source
ssh-askpass-gnomestable1:3.4p1-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ssh-askpass-gnomeupdates1:3.4p1-1.woody.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
sshstable1:3.4p1-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
sshupdates1:3.4p1-1.woody.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 382 - possible remote vulnerability

openssh-krb5stable3.4p1-0woody1source
openssh-krb5updates3.4p1-0woody4source
ssh-krb5stable3.4p1-0woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
ssh-krb5updates3.4p1-0woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 383 - possible remote vulnerability

libssl-devstable0.9.6c-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libssl-devupdates0.9.6c-2.woody.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libssl0.9.6stable0.9.6c-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libssl0.9.6updates0.9.6c-2.woody.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
opensslstable0.9.6c-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
opensslupdates0.9.6c-2.woody.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
ssleaystable0.9.6c-2all
ssleayupdates0.9.6c-2.woody.4all

DSA 253 - information leak

DSA 288 - several vulnerabilities

libssl095astable0.9.5a-6alpha arm i386 m68k mips mipsel powerpc sparc
libssl095aupdates0.9.5a-6.woody.3alpha arm i386 m68k mips mipsel powerpc sparc
openssl095stable0.9.5a-6source
openssl095updates0.9.5a-6.woody.3source

DSA 394 - ASN.1 parsing vulnerability

orville-writestable2.53-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
orville-writeupdates2.53-4woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 326 - buffer overflows

libpam-pgsqlstable0.5.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpam-pgsqlupdates0.5.2-3woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
pam-pgsqlstable0.5.2-3source
pam-pgsqlupdates0.5.2-3woody1source

DSA 370 - format string

pcmcia-csstable3.1.33-6alpha arm i386 powerpc source
pcmcia-csupdates3.1.33-6woody1alpha arm i386 powerpc source
pcmcia-sourcestable3.1.33-6all
pcmcia-sourceupdates3.1.33-6woody1all

* Non-maintainer upload by the Security Team

* Need pcmcia-cs source in stable-security in order to provide updated pcmcia-modules for kernel update.

* No changes

There doesn't seem to be a DSA assigned to this, strange.

libcgi-fast-perlstable5.6.1-7all
libcgi-fast-perlupdates5.6.1-8.3all
libperl-devstable5.6.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libperl-devupdates5.6.1-8.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libperl5.6stable5.6.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libperl5.6updates5.6.1-8.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perl-basestable5.6.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perl-baseupdates5.6.1-8.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perl-debugstable5.6.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perl-debugupdates5.6.1-8.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perl-docstable5.6.1-7all
perl-docupdates5.6.1-8.3all
perl-modulesstable5.6.1-7all
perl-modulesupdates5.6.1-8.3all
perl-suidstable5.6.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perl-suidupdates5.6.1-8.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
perlstable5.6.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
perlupdates5.6.1-8.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 208 - broken safe compartment

DSA 371 - cross-site scripting

caudium-php4stable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
caudium-php4updates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-cgistable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-cgiupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-curlstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-curlupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-devstable4:4.1.2-6all
php4-devupdates4:4.1.2-6woody3all
php4-domxmlstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-domxmlupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-gdstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-gdupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-imapstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-imapupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-ldapstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-ldapupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-mcalstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-mcalupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-mhashstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-mhashupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-mysqlstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-mysqlupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-odbcstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-odbcupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-pearstable4:4.1.2-6all
php4-pearupdates4:4.1.2-6woody3all
php4-recodestable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-recodeupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-snmpstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-snmpupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-sybasestable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-sybaseupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-xsltstable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4-xsltupdates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
php4stable4:4.1.2-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
php4updates4:4.1.2-6woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 351 - cross-site scripting

phpgroupware-addressbookstable0.9.14-0.RC3.2all
phpgroupware-addressbookupdates0.9.14-0.RC3.2.woody2all
phpgroupware-adminstable0.9.14-0.RC3.2all
phpgroupware-adminupdates0.9.14-0.RC3.2.woody2all
phpgroupware-api-docstable0.9.14-0.RC3.2all
phpgroupware-api-docupdates0.9.14-0.RC3.2.woody2all
phpgroupware-apistable0.9.14-0.RC3.2all
phpgroupware-apiupdates0.9.14-0.RC3.2.woody2all
phpgroupware-bookkeepingstable0.9.14-0.RC3.2all
phpgroupware-bookkeepingupdates0.9.14-0.RC3.2.woody2all
phpgroupware-bookmarksstable0.9.14-0.RC3.2all
phpgroupware-bookmarksupdates0.9.14-0.RC3.2.woody2all
phpgroupware-brewerstable0.9.14-0.RC3.2all
phpgroupware-brewerupdates0.9.14-0.RC3.2.woody2all
phpgroupware-calendarstable0.9.14-0.RC3.2all
phpgroupware-calendarupdates0.9.14-0.RC3.2.woody2all
phpgroupware-chatstable0.9.14-0.RC3.2all
phpgroupware-chatupdates0.9.14-0.RC3.2.woody2all
phpgroupware-chorastable0.9.14-0.RC3.2all
phpgroupware-choraupdates0.9.14-0.RC3.2.woody2all
phpgroupware-comicstable0.9.14-0.RC3.2all
phpgroupware-comicupdates0.9.14-0.RC3.2.woody2all
phpgroupware-core-docstable0.9.14-0.RC3.2all
phpgroupware-core-docupdates0.9.14-0.RC3.2.woody2all
phpgroupware-corestable0.9.14-0.RC3.2all
phpgroupware-coreupdates0.9.14-0.RC3.2.woody2all
phpgroupware-developer-toolsstable0.9.14-0.RC3.2all
phpgroupware-developer-toolsupdates0.9.14-0.RC3.2.woody2all
phpgroupware-djstable0.9.14-0.RC3.2all
phpgroupware-djupdates0.9.14-0.RC3.2.woody2all
phpgroupware-eldaptirstable0.9.14-0.RC3.2all
phpgroupware-eldaptirupdates0.9.14-0.RC3.2.woody2all
phpgroupware-emailstable0.9.14-0.RC3.2all
phpgroupware-emailupdates0.9.14-0.RC3.2.woody2all
phpgroupware-filemanagerstable0.9.14-0.RC3.2all
phpgroupware-filemanagerupdates0.9.14-0.RC3.2.woody2all
phpgroupware-forumstable0.9.14-0.RC3.2all
phpgroupware-forumupdates0.9.14-0.RC3.2.woody2all
phpgroupware-ftpstable0.9.14-0.RC3.2all
phpgroupware-ftpupdates0.9.14-0.RC3.2.woody2all
phpgroupware-headlinesstable0.9.14-0.RC3.2all
phpgroupware-headlinesupdates0.9.14-0.RC3.2.woody2all
phpgroupware-hrstable0.9.14-0.RC3.2all
phpgroupware-hrupdates0.9.14-0.RC3.2.woody2all
phpgroupware-imgstable0.9.14-0.RC3.2all
phpgroupware-imgupdates0.9.14-0.RC3.2.woody2all
phpgroupware-infologstable0.9.14-0.RC3.2all
phpgroupware-infologupdates0.9.14-0.RC3.2.woody2all
phpgroupware-invstable0.9.14-0.RC3.2all
phpgroupware-invupdates0.9.14-0.RC3.2.woody2all
phpgroupware-manualstable0.9.14-0.RC3.2all
phpgroupware-manualupdates0.9.14-0.RC3.2.woody2all
phpgroupware-messengerstable0.9.14-0.RC3.2all
phpgroupware-messengerupdates0.9.14-0.RC3.2.woody2all
phpgroupware-napsterstable0.9.14-0.RC3.2all
phpgroupware-napsterupdates0.9.14-0.RC3.2.woody2all
phpgroupware-news-adminstable0.9.14-0.RC3.2all
phpgroupware-news-adminupdates0.9.14-0.RC3.2.woody2all
phpgroupware-nntpstable0.9.14-0.RC3.2all
phpgroupware-nntpupdates0.9.14-0.RC3.2.woody2all
phpgroupware-notesstable0.9.14-0.RC3.2all
phpgroupware-notesupdates0.9.14-0.RC3.2.woody2all
phpgroupware-phonelogstable0.9.14-0.RC3.2all
phpgroupware-phonelogupdates0.9.14-0.RC3.2.woody2all
phpgroupware-phpsysinfostable0.9.14-0.RC3.2all
phpgroupware-phpsysinfoupdates0.9.14-0.RC3.2.woody2all
phpgroupware-phpwebhostingstable0.9.14-0.RC3.2all
phpgroupware-phpwebhostingupdates0.9.14-0.RC3.2.woody2all
phpgroupware-pollsstable0.9.14-0.RC3.2all
phpgroupware-pollsupdates0.9.14-0.RC3.2.woody2all
phpgroupware-preferencesstable0.9.14-0.RC3.2all
phpgroupware-preferencesupdates0.9.14-0.RC3.2.woody2all
phpgroupware-projectsstable0.9.14-0.RC3.2all
phpgroupware-projectsupdates0.9.14-0.RC3.2.woody2all
phpgroupware-registrationstable0.9.14-0.RC3.2all
phpgroupware-registrationupdates0.9.14-0.RC3.2.woody2all
phpgroupware-setupstable0.9.14-0.RC3.2all
phpgroupware-setupupdates0.9.14-0.RC3.2.woody2all
phpgroupware-skelstable0.9.14-0.RC3.2all
phpgroupware-skelupdates0.9.14-0.RC3.2.woody2all
phpgroupware-soapstable0.9.14-0.RC3.2all
phpgroupware-soapupdates0.9.14-0.RC3.2.woody2all
phpgroupware-stocksstable0.9.14-0.RC3.2all
phpgroupware-stocksupdates0.9.14-0.RC3.2.woody2all
phpgroupware-todostable0.9.14-0.RC3.2all
phpgroupware-todoupdates0.9.14-0.RC3.2.woody2all
phpgroupware-ttsstable0.9.14-0.RC3.2all
phpgroupware-ttsupdates0.9.14-0.RC3.2.woody2all
phpgroupware-wapstable0.9.14-0.RC3.2all
phpgroupware-wapupdates0.9.14-0.RC3.2.woody2all
phpgroupware-weatherstable0.9.14-0.RC3.2all
phpgroupware-weatherupdates0.9.14-0.RC3.2.woody2all
phpgroupware-xmlrpcstable0.9.14-0.RC3.2all
phpgroupware-xmlrpcupdates0.9.14-0.RC3.2.woody2all
phpgroupwarestable0.9.14-0.RC3.2all source
phpgroupwareupdates0.9.14-0.RC3.2.woody2all source

DSA 365 - several vulnerabilities

postfix-devstable1.1.11-0.woody2all
postfix-devupdates1.1.11-0.woody3all
postfix-docstable1.1.11-0.woody2all
postfix-docupdates1.1.11-0.woody3all
postfix-ldapstable1.1.11-0.woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postfix-ldapupdates1.1.11-0.woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postfix-mysqlstable1.1.11-0.woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postfix-mysqlupdates1.1.11-0.woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postfix-pcrestable1.1.11-0.woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postfix-pcreupdates1.1.11-0.woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postfixstable1.1.11-0.woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
postfixupdates1.1.11-0.woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 363 - denial of service, bounce-scanning

libecpg3stable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libecpg3updates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpgperlstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpgperlupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpgsql2stable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpgsql2updates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpgtclstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpgtclupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
odbc-postgresqlstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
odbc-postgresqlupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
pgaccessstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
pgaccessupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-clientstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-clientupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-contribstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-contribupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-devstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-devupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
postgresql-docstable7.2.1-2all
postgresql-docupdates7.2.1-2woody4all
postgresqlstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
postgresqlupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
python-pygresqlstable7.2.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
python-pygresqlupdates7.2.1-2woody4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 397 - buffer overflow

pptpdstable1.1.2-1.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
pptpdupdates1.1.2-1.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 295 - buffer overflow

procmailstable3.22-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
procmailupdates3.22-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Patched pipes.c to fix a memory allocation bug (Closes: #171514).

Can lead to data (=mail) loss

libproc-devstable1:2.0.7-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libproc-devupdates1:2.0.7-8.woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
procpsstable1:2.0.7-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
procpsupdates1:2.0.7-8.woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Fixes ps crash when system.map is exact multiple of 1024 Exact same patch as for 2.0.7-10 By happy coincidence Debian ships some kernels that have a System.map file that is modulo 1024.

python-pgsqlstable2.0-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
python-pgsqlupdates2.0-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
python2.1-pgsqlstable2.0-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
python2.1-pgsqlupdates2.0-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
python2.2-pgsqlstable2.0-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
python2.2-pgsqlupdates2.0-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

Fixes potential data loss due to broken string length calculation

radiusd-cistronstable1.6.6-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
radiusd-cistronupdates1.6.6-1woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 321 - buffer overflow

rocks-n-diamondsstable2.0.0-0.2alpha arm hppa i386 ia64 m68k mips mipsel s390 sparc source
rocks-n-diamondsstable2.0.0-0.2.1powerpc

Rocks-N-Diamonds contains sound, graphics and level data which violate section 2.3 of the Debian policy manual. Some of the game content originates with commercial sources that have not provided explicit permission for their reuse.

libpam-smbpassstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libpam-smbpassupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsmbclient-devstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsmbclient-devupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsmbclientstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsmbclientupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
samba-commonstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
samba-commonupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
samba-docstable2.2.3a-12all
samba-docupdates2.2.3a-12.3all
sambastable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
sambaupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
smbclientstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
smbclientupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
smbfsstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
smbfsupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
swatstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
swatupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
winbindstable2.2.3a-12alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
winbindupdates2.2.3a-12.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 262 - remote exploit

DSA 280 - buffer overflow

libsane-devstable1.0.7-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsane-devupdates1.0.7-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsanestable1.0.7-3.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsaneupdates1.0.7-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
sane-backendsstable1.0.7-3.2source
sane-backendsupdates1.0.7-4source

DSA 379 - several vulnerabilities

semistable1.14.3.cvs.2001.08.10-1all source
semiupdates1.14.3.cvs.2001.08.10-1woody2all source

DSA 339 - insecure temporary file

libmilter-devstable8.12.3-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmilter-devupdates8.12.3-6.6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
sendmail-docstable8.12.3-4all
sendmail-docupdates8.12.3-6.6all
sendmailstable8.12.3-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
sendmailupdates8.12.3-6.6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 278 - char-to-int conversion

DSA 384 - buffer overflows

sendmail-widestable8.12.3+3.5Wbeta-5.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
sendmail-wideupdates8.12.3+3.5Wbeta-5.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 290 - char-to-int conversion

DSA 384 - buffer overflows

shorewall-docstable1.2.12-1all
shorewall-docupdates1.2.12-2all
shorewallstable1.2.12-1all source
shorewallupdates1.2.12-2all source

* apply fix for shorewall not applying rate limiting, as defined in 'shorewall.conf' as 'LOGRATE' and 'LOGBURST', to the rfc1918 logging as it does with all other logging. This has denial of service potential on noisy networks. (closes: #206764)

* dh_installinit is not used anymore to install the init script, it is installed by hand to avoid automatically startup and shutdown of the firewall during upgrade, install and remove. This should prevent network blackouts (closes: #165477)

* the SUBSYSLOCK variable of shorewall.conf is set to "" because the initscript doesn't need it at all (closes: #209023)

The second change is the most important one since it can lock you out of the host due to automatic startup.

skkservstable10.62a-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
skkservupdates10.62a-4woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
skkstable10.62a-4all source
skkupdates10.62a-4woody1all source

DSA 343 - insecure temporary file

slashemstable0.0.6E4F8-4.0woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
slashemupdates0.0.6E4F8-4.0woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 316 - buffer overflow, incorrect permissions

slocatestable2.6-1.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
slocateupdates2.6-1.3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 252 - buffer overflow

smb2wwwstable980804-16all source
smb2wwwupdates980804-16.1all source

DSA 203 - arbitrary command execution

libsnmpkit-devstable0.9-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsnmpkit-devupdates0.9-4.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libsnmpkit2updates0.9-4.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
snmpkitstable0.9-1source
snmpkitupdates0.9-4.woody.2source

Due to a maintainer bug the package libsnmpkit1 did not only contain libsnmpkit2.so.* but also lacked the libsnmpkit2.so link. Hence, it's not exactly usable in woody. In turn this renders packages like pconf-detect, gnulpr and printtool useless.

snort-commonstable1.8.4beta1-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
snort-commonupdates1.8.4beta1-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
snort-docstable1.8.4beta1-3all
snort-docupdates1.8.4beta1-3.1all
snort-mysqlstable1.8.4beta1-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
snort-mysqlupdates1.8.4beta1-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
snort-rules-defaultstable1.8.4beta1-3all
snort-rules-defaultupdates1.8.4beta1-3.1all
snortstable1.8.4beta1-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
snortupdates1.8.4beta1-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 297 - integer overflow, buffer overflow

spamassassinstable2.20-1woodyalpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
spamassassinupdates2.20-1woody3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

2.20-1woody1 (pre-approved):

* The "I hate Osirusoft" release. The RBL relays.osirusoft.com has gone down, blacklisting every IP. As a result, every message gets an extra 3.0 points, causing many false positives.

* This release removes the osirusoft lookups.

2.20-1woody2 (not approved):

* The "I was born 29 years ago" release ;)

* Applied patch to solve a rounding problem from: http://bugzilla.spamassassin.org/show_bug.cgi?id=893

2.20-1woody3 (approved):

* Unfortunatelly 2.20-1woody2 was not supposed to hit incoming, since it was not an RC. This version has the patch unrolled.

squirrelmailstable1:1.2.6-1.2all source
squirrelmailupdates1:1.2.6-1.3all source

DSA 220 - cross site scripting

supstable1.8-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
supupdates1.8-8woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 353 - insecure temporary file

tcpdumpstable3.6.2-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
tcpdumpupdates3.6.2-2.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 255 - infinite loop

DSA 261 - infinite loop

tcptraceroutestable1.2-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc source
tcptraceroutestable1.2-1.0.1s390
tcptracerouteupdates1.2-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 330 - failure to drop root privileges

teapop-mysqlstable0.3.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
teapop-mysqlupdates0.3.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
teapop-pgsqlstable0.3.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
teapop-pgsqlupdates0.3.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
teapopstable0.3.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
teapopupdates0.3.4-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 347 - SQL injection

thttpd-utilstable2.21b-11alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
thttpd-utilupdates2.21b-11.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
thttpdstable2.21b-11alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
thttpdupdates2.21b-11.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 396 - missing input sanitizing, wrong calculation

tmdastable0.51-1all source

Bug#219361: please remove tmda from stable

libapache-mod-jkstable3.3a-4i386
libapache-mod-jkupdates3.3a-4woody1i386
tomcatstable3.3a-4all source
tomcatupdates3.3a-4woody1all source

DSA 246 - information exposure, cross site scripting

libtomcat4-javastable4.0.3-3woody1all
libtomcat4-javaupdates4.0.3-3woody3all
tomcat4-webappsstable4.0.3-3woody1all
tomcat4-webappsupdates4.0.3-3woody3all
tomcat4stable4.0.3-3woody1all source
tomcat4updates4.0.3-3woody3all source

DSA 225 - source disclosure

DSA 395 - incorrect input handling

traceroute-nanogstable6.1.1-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
traceroute-nanogupdates6.1.1-1.3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 254 - buffer overflow

DSA 348 - integer overflow, buffer overflow

typespeedstable0.4.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
typespeedupdates0.4.1-2.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 322 - buffer overflow

unzipstable5.50-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
unzipupdates5.50-1woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 344 - directory traversal

bsdutilsstable1:2.11n-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bsdutilsupdates1:2.11n-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mountstable2.11n-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mountupdates2.11n-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
util-linux-localesstable2.11n-4all
util-linux-localesupdates2.11n-7all
util-linuxstable2.11n-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
util-linuxupdates2.11n-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Backport of rtc handling fix for newer Linux kernels (2.4.19 and newer report ENOTTY instead of EINVAL if the RTC_UIE_ON ioctl() is not implemented for the particular system, which is the case on some non-i386 systems), patch from Maciej W. Rozycki <macro@ds2.pg.gda.pl>. Fixes: #163851 Without the fix, the installation process will not work correctly on the affected platforms.

w3m-imgstable0.3-2alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
w3m-imgupdates0.3-2.4alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
w3mstable0.3-2alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc source
w3mupdates0.3-2.4alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc source

DSA 251 - missing HTML quoting

w3m-sslstable0.3-2alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc source
w3m-sslupdates0.3-2.4alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc source

DSA 251 - missing HTML quoting

w3mmee-imgstable0.3.p23.3-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
w3mmee-imgupdates0.3.p23.3-1.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
w3mmeestable0.3.p23.3-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
w3mmeeupdates0.3.p23.3-1.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 249 - missing HTML quoting

w3mmee-sslstable0.3.p23.3-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
w3mmee-sslupdates0.3.p23.3-1.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 250 - missing HTML quoting

webfsstable1.17alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
webfsupdates1.17.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 328 - buffer overflow

DSA 392 - buffer overflows, file and directory exposure

wemistable1.14.0.20010802wemiko-1.2all source
wemiupdates1.14.0.20010802wemiko-1.3woody1all source

DSA 339 - insecure temporary file

wu-ftpd-academstable2.6.2-3all
wu-ftpd-academupdates2.6.2-3woody2all
wu-ftpdstable2.6.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
wu-ftpdupdates2.6.2-3woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 357 - remote root exploit

DSA 377 - insecure program execution

x-face-elstable1.3.6.19-1all source
x-face-elupdates1.3.6.19-1woody1all source

DSA 340 - insecure temporary file

xblstable1.0k-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
xblupdates1.0k-3woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 327 - buffer overflows

DSA 345 - buffer overflow

lbxproxystable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
lbxproxyupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdps-devstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdps-devupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdps1-dbgstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdps1-dbgupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdps1stable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdps1updates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw6-dbgstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw6-dbgupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw6-devstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw6-devupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw6stable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw6updates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw7-dbgstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw7-dbgupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw7-devstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw7-devupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw7stable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libxaw7updates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
proxymngrstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
proxymngrupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
twmstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
twmupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
x-window-system-corestable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
x-window-system-coreupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
x-window-systemstable4.1.0-16all
x-window-systemupdates4.1.0-16woody1all
xbase-clientsstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xbase-clientsupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xdmstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xdmupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xfonts-100dpi-transcodedstable4.1.0-16all
xfonts-100dpi-transcodedupdates4.1.0-16woody1all
xfonts-100dpistable4.1.0-16all
xfonts-100dpiupdates4.1.0-16woody1all
xfonts-75dpi-transcodedstable4.1.0-16all
xfonts-75dpi-transcodedupdates4.1.0-16woody1all
xfonts-75dpistable4.1.0-16all
xfonts-75dpiupdates4.1.0-16woody1all
xfonts-base-transcodedstable4.1.0-16all
xfonts-base-transcodedupdates4.1.0-16woody1all
xfonts-basestable4.1.0-16all
xfonts-baseupdates4.1.0-16woody1all
xfonts-cyrillicstable4.1.0-16all
xfonts-cyrillicupdates4.1.0-16woody1all
xfonts-pexstable4.1.0-16all
xfonts-pexupdates4.1.0-16woody1all
xfonts-scalablestable4.1.0-16all
xfonts-scalableupdates4.1.0-16woody1all
xfree86-commonstable4.1.0-16all
xfree86-commonupdates4.1.0-16woody1all
xfree86stable4.1.0-16source
xfree86updates4.1.0-16woody1source
xfsstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xfsupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xfwpstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xfwpupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlib6g-devstable4.1.0-16all
xlib6g-devupdates4.1.0-16woody1all
xlib6gstable4.1.0-16all
xlib6gupdates4.1.0-16woody1all
xlibmesa-devstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibmesa-devupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibmesa3-dbgstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibmesa3-dbgupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibmesa3stable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibmesa3updates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibosmesa-devstable4.1.0-16alpha i386 ia64 powerpc sparc
xlibosmesa-devupdates4.1.0-16woody1alpha i386 ia64 powerpc sparc
xlibosmesa3-dbgstable4.1.0-16alpha i386 ia64 powerpc sparc
xlibosmesa3-dbgupdates4.1.0-16woody1alpha i386 ia64 powerpc sparc
xlibosmesa3stable4.1.0-16alpha i386 ia64 powerpc sparc
xlibosmesa3updates4.1.0-16woody1alpha i386 ia64 powerpc sparc
xlibs-dbgstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibs-dbgupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibs-devstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibs-devupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibs-picstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibs-picupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibsstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xlibsupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xmhstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xmhupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xneststable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xnestupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xprtstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xprtupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xserver-commonstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xserver-commonupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xserver-xfree86stable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc
xserver-xfree86updates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc
xspecsstable4.1.0-16all
xspecsupdates4.1.0-16woody1all
xtermstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xtermupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xutilsstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xutilsupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xvfbstable4.1.0-16alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xvfbupdates4.1.0-16woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

DSA 380 - buffer overflows, denial of service

xfsdumpstable2.0.1-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
xfsdumpupdates2.0.1-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 283 - insecure file creation

xfsttstable1.2.1-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
xfsttupdates1.2.1-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 360 - several vulnerabilities

xgalagastable2.0.34-18alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc source
xgalagastable2.0.34-18.0.1s390
xgalagaupdates2.0.34-19woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 334 - buffer overflows

xncstable4.4.7-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
xncupdates4.4.7-3.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Version prepared for 3.0r1. Closes: #149191

* Previous version was causing Debian menu system breakage when installed. Update-menus was completly disfunctional. The fix is more than trivial - required me to change 2 chars in rules, and add "_" to two filenames. Please let this version go into stable.

xpdf-commonstable1.00-3all
xpdf-commonupdates1.00-3.1all
xpdf-readerstable1.00-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xpdf-readerupdates1.00-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xpdf-utilsstable1.00-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xpdf-utilsupdates1.00-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
xpdfstable1.00-3all source
xpdfupdates1.00-3.1all source

DSA 222 - integer overflow

xtokkaetamastable1.0b-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
xtokkaetamaupdates1.0b-6woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

DSA 356 - buffer overflows

zblast-datastable1.2pre-5all
zblast-dataupdates1.2pre-5woody2all
zblast-svgalibstable1.2pre-5alpha i386
zblast-svgalibupdates1.2pre-5woody2i386
zblast-x11stable1.2pre-5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zblast-x11updates1.2pre-5woody2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zblaststable1.2pre-5source
zblastupdates1.2pre-5woody2source

DSA 369 - buffer overflow

The alpha build failed completely because svgalib doesn't exist on alpha anymore in woody (i.e., its build-depends could not even be met), so I had to disable it. Hence, the alpha package needs to be removed.

zlib-binstable1:1.1.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zlib-binupdates1:1.1.4-1.0woody0alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zlib1-altdevstable1:1.1.4-1i386
zlib1-altdevupdates1:1.1.4-1.0woody0i386
zlib1g-devstable1:1.1.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zlib1g-devupdates1:1.1.4-1.0woody0alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zlib1gstable1:1.1.4-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zlib1gupdates1:1.1.4-1.0woody0alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
zlib1stable1:1.1.4-1i386
zlib1updates1:1.1.4-1.0woody0i386
zlibstable1:1.1.4-1source
zlibupdates1:1.1.4-1.0woody0source

* Define HAS_vsnprintf in gzio.c in order to avoid buffer overflows (closes: #184763).

* Remove user Emacs variables from changelog.

Fixes CAN-2003-0107 according to Mark Brown

Requires further Investigation

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment.

Another reason could be that released and updated architectures are not yet in sync.

acorn-fdiskstable3.0.6-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
acorn-fdiskupdates3.0.6-4woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

Rebuild for stable since required for working boot-floppies; otherwise identical to 3.0.6-5.

atari800stable1.2.2-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
atari800updates1.2.2-1woody2alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source

DSA 359 - buffer overflows


MISSING mipsel

bind9-docstable1:9.2.1-2.woody.1all
bind9-docupdates1:9.2.1-2.woody.2all
bind9-hoststable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bind9-hostupdates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
bind9stable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
bind9updates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
dnsutilsstable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
dnsutilsupdates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libbind-devstable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libbind-devupdates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdns5stable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libdns5updates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libisc4stable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libisc4updates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libisccc0stable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libisccc0updates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libisccfg0stable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libisccfg0updates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
liblwres1stable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
liblwres1updates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
lwresdstable1:9.2.1-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
lwresdupdates1:9.2.1-2.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

No change upload to clean up parser errors.... Closes: #179311

catdocstable0.91.5-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
catdocupdates0.91.5-1.99woody.1alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Fixed insecure /tmp use (closes: #183525)

* Fix backported from 0.91.5-2 because it fixes a security problem.


MISSING arm

cfsstable1.4.1-7alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
cfsupdates1.4.1-7.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

upload to woody; cfs is not usable on s390 due to an internal compiler error (most probably), see bug #151564; needs to be rebuilt with gcc-2.95 from woody 3.0r1; no more changes than this changelog entry.

TODO: Review changes

conqueststable7.1.1-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
conquestupdates7.1.1-6woody1mipsel
conquestupdates7.1.1-6woody2alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source

DSA 398 - buffer overflow

Fix group-checking in postinst and postrm, which makes updates impossible. closes: Bug#220650


MISSING mipsel

console-commonstable0.7.14all source
console-commonupdates0.7.14woody1all source
dh-consoledatastable0.7.14all
dh-consoledataupdates0.7.14woody1all

Support the Acorn RiscStation architecture.

Alastair McKinstry: The console-common change for Acorn RiscStation is included in the current boot-floppies since 2002/08/12; it is in kbdconfig.c 1.68; boot-floppies 3.0.23 shipped with kbdconfig.c 1.66. As I understand it, this is not the current shipping woody, but these machines only boot with this updated, modified boot-floppies and console-common.

Hence, only needed for updated boot-floppies, probably for r3 then.

debootstrap-udebupdates0.1.17.7woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
debootstrapstable0.1.17alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
debootstrapupdates0.1.17.7woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* NMU

* Rebuild of 0.1.17.8 for woody to pull in race condition fix and missing package dependency fixes, among others.

* NMU versioned the way it is so that dpkg doesn't think 0.1.17.[1-7] is newer than this release, but "upgrades" (actually sidegrades) to 0.1.17.8 are still straightforward.

TODO: Why?

James once said that -udeb packages won't appear in stable, so this should not be a problem.

chill-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
chill-2.95stable1:2.95.4-7mips mipsel sparc
chill-2.95updates1:2.95.4-11woody1mips mipsel
cpp-2.95-docstable1:2.95.4-11woody1all
cpp-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
cpp-2.95stable1:2.95.4-7mips mipsel sparc
cpp-2.95updates1:2.95.4-11woody1mips mipsel
g++-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
g++-2.95stable1:2.95.4-7mips mipsel sparc
g++-2.95updates1:2.95.4-11woody1mips mipsel
g77-2.95-docstable1:2.95.4-11woody1all
g77-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
g77-2.95stable1:2.95.4-7mips mipsel sparc
g77-2.95updates1:2.95.4-11woody1mips mipsel
gcc-2.95-docstable1:2.95.4-11woody1all
gcc-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
gcc-2.95stable1:2.95.4-7mips mipsel sparc
gcc-2.95stable2.95.4.ds13-11woody1source
gcc-2.95updates1:2.95.4-11woody1mips mipsel
gobjc-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
gobjc-2.95stable1:2.95.4-7mips mipsel sparc
gobjc-2.95updates1:2.95.4-11woody1mips mipsel
gpc-2.95-docstable1:2.95.4-11woody1all
gpc-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
gpc-2.95stable1:2.95.4-7mips mipsel sparc
gpc-2.95updates1:2.95.4-11woody1mips mipsel
libg++2.8.1.3-dbgstable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
libg++2.8.1.3-dbgstable1:2.95.4-7mips mipsel sparc
libg++2.8.1.3-dbgupdates1:2.95.4-11woody1mips mipsel
libg++2.8.1.3-devstable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
libg++2.8.1.3-devstable1:2.95.4-7mips mipsel sparc
libg++2.8.1.3-devupdates1:2.95.4-11woody1mips mipsel
libg++2.8.1.3-glibc2.2stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
libg++2.8.1.3-glibc2.2stable1:2.95.4-7mips mipsel sparc
libg++2.8.1.3-glibc2.2updates1:2.95.4-11woody1mips mipsel
libstdc++2.10-dbgstable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
libstdc++2.10-dbgstable1:2.95.4-7mips mipsel sparc
libstdc++2.10-dbgstable1:2.96-8ia64
libstdc++2.10-dbgupdates1:2.95.4-11woody1mips mipsel
libstdc++2.10-devstable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
libstdc++2.10-devstable1:2.95.4-7mips mipsel sparc
libstdc++2.10-devstable1:2.96-8ia64
libstdc++2.10-devupdates1:2.95.4-11woody1mips mipsel
libstdc++2.10-glibc2.2stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
libstdc++2.10-glibc2.2stable1:2.95.4-7mips mipsel sparc
libstdc++2.10-glibc2.2stable1:2.96-8ia64
libstdc++2.10-glibc2.2updates1:2.95.4-11woody1mips mipsel
protoize-2.95stable1:2.95.4-11woody1alpha arm i386 m68k powerpc s390
protoize-2.95stable1:2.95.4-7mips mipsel sparc
protoize-2.95updates1:2.95.4-11woody1mips mipsel

Bring architectures back in sync


MISSING mipsel

gpsstable0.9.4-1alpha arm i386 m68k mips mipsel powerpc s390 sparc source
gpsstable0.9.4-1.0.1hppa ia64
gpsupdates0.9.4-1woody1alpha arm i386 m68k mips mipsel powerpc s390 sparc source
rgpspstable0.9.4-1alpha arm i386 m68k mips mipsel powerpc s390 sparc
rgpspstable0.9.4-1.0.1hppa ia64
rgpspupdates0.9.4-1woody1alpha arm i386 m68k mips mipsel powerpc s390 sparc

DSA 307 - multiple vulnerabilities


MISSING hppa
MISSING ia64

kaffestable1:1.0.5e-0.4arm
kaffestable1:1.0.5e-0.5alpha i386 m68k sparc source
kaffeupdates1:1.0.5e-1i386 source

* Fixed a problem detecting time.h during build, source wouldn't compile.

* Changed temporary file name allocation to use mktemp in the kaffe wrapper for security reasons, closes: #191866

TODO: Review the changes


MISSING alpha
MISSING arm
MISSING m68k
MISSING sparc

kernel-headers-2.4.18-bf2.4stable2.4.18-5i386
kernel-headers-2.4.18-bf2.4updates2.4.18-5woody4i386
kernel-image-2.4.18-bf2.4stable2.4.18-5i386
kernel-image-2.4.18-bf2.4updates2.4.18-5woody4i386
kernel-image-2.4.18-i386bfstable2.4.18-5source
kernel-image-2.4.18-i386bfupdates2.4.18-5woody4source

DSA 311 - several vulnerabilities

pcmcia-modules-2.4.18-bf2.4:

Depends: kernel-image-2.4.18-bf2.4 (= 2.4.18-5)

This kernel would make pcmcia users lose their pcmcia stuff.

*Bummer*

kernel-headers-2.4.17-ia64stable011226.13ia64
kernel-image-2.4.17-ia64stable011226.13source
kernel-image-2.4.17-itanium-smpstable011226.13ia64
kernel-image-2.4.17-itaniumstable011226.13ia64
kernel-image-2.4.17-mckinley-smpstable011226.13ia64
kernel-image-2.4.17-mckinleystable011226.13ia64
kernel-source-2.4.17-ia64stable011226.13all
kernel-headers-2.4.19-ia64updates020821.1ia64
kernel-image-2.4.19-ia64updates020821.1source
kernel-image-2.4.19-itanium-smpupdates020821.1ia64
kernel-image-2.4.19-itaniumupdates020821.1ia64
kernel-image-2.4.19-mckinley-smpupdates020821.1ia64
kernel-image-2.4.19-mckinleyupdates020821.1ia64
kernel-source-2.4.19-ia64updates020821.1all

* initial release of kernel image packages for ia64 based on 2.4.19

* turn off broadcom gigE driver, change tg3 from module to built-in

* lose several patches from previous kernel builds now merged upstream

* update config files for 2.4.19

New packages, rationale still:

The 2.4.17 bits which were used to generate the original woody boot floppies have some ugly bugs, are not being updated, and generally are not useful any more. Every problem reported on debian-ia64 starts with a request that the user move to at least 2.4.19.

HP has shipped products using the 2.4.19 and 2.4.20 kernel images currently in Debian's mirror network, which means they've been through serious testing and meet HP product quality standards. The same is not true of the 2.4.17 images, as woody was released before HP shipped our first Itanium 2 products.

Some newer systems cannot even be installed with 2.4.17 based boot floppies, we work around that by making alternate installation media available from HP based on fresher kernels. Even on the systems where 2.4.17 is ok for install, I don't recommend anyone run a 2.4.17 kernel on any real system.

When new boot-floppies are uploaded, they'll use this kernel, then the kernel will be updated as well.

TODO: New boot-floppies, contact Bdale

kernel-patch-2.4-grsecuritystable1.9.4-1all source
kernel-patch-2.4-grsecurityupdates1.9.4-3all source

* Removed patch bit that sets EXTRAVERSION. (closes: Bug#182183)

* Fix to work with ptrace fixed 2.4.18 (otherwise the patch fails to apply rendering it useless, hence medium urgency). (closes: Bug#194523)

This update may be suited for Debian stable, however, an official security update would be good.

kernel-doc-2.2.20updates2.2.20-5woody2all
kernel-source-2.2.20updates2.2.20-5woody2all source

DSA 336 - several vulnerabilities

New packages

If two older kernel packages can be removed, this can creep in since it is a security update.

libgtop-daemonstable1.0.13-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libgtop-daemonupdates1.0.13-3.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libgtop-devstable1.0.13-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libgtop-devupdates1.0.13-3.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libgtop1stable1.0.13-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libgtop1updates1.0.13-3.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libgtopstable1.0.13-3source
libgtopupdates1.0.13-3.1source

DSA 301 - buffer overflow


MISSING mips
MISSING mipsel

lsbstable1.1.0-11all source
lsbupdates1.2-5.woody.1all source

Support LSB 1.2 in woody. Includes all changes through 1.2-6 in sid.

This package is not sufficient to make Debian stable LSB 1.3 compliant. The only approved LSB version is 1.3. According to Anthony also required: alien, kernel-(headers|source|image) 2.4.19 and glibc, pax. According to Tobias Burnus start-stop-daemon needs to be altered as well. lsb.deb needs another backport.

Matt Taggart wrote: The separate OpenI18N standard was merged into the LSB at 1.3 so there are additional requirements that are being tested for now. These are mostly requirements on the commands provided by the LSB and _will_ require patches to fix. I do not know if the patches have been accepted upstream yet. There's a rumor that they affect performance. there may need to be additional changes to glibc for the new test suites.

I don't think that we can meet the LSB 1.3 with Debian stable without too many changes, hence LSB updates will be rejected.

Newsflash: Maybe it's still possible to meet the LSB testsuite. To be discussed after 3.0r2.

masqmailstable0.1.16-2.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
masqmailupdates0.1.17-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* fixed a segfault bug

TODO: What bug?

nbd-clientstable1:1.2cvs20020320-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nbd-clientupdates1:1.2cvs20020320-3.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nbd-serverstable1:1.2cvs20020320-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nbd-serverupdates1:1.2cvs20020320-3.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
nbdstable1:1.2cvs20020320-3source
nbdupdates1:1.2cvs20020320-3.woody.1source

* Backported the following fixes to serious bugs from unstable version:

- rewrite /etc/nbd-server, even if it doesn't exist yet (not doing so makes package uninstallable)

- make sure nbd-server.init.d doesn't kill itself (not doing so breaks upgrades, while also rendering the 'stop' target quite useless)

This closes: #179334, whilst also re-closing some bugs that should've been fixed when woody was still 'frozen' instead of 'stable'.

Upon installation, /etc/nbd-server is now generated, since the postinst fails at its end, but the package is installed fine. Hence, it is not uninstallable and therefore there's no urgent need to update this package.

Bug in postinst in 1.2cvs20020320-3.woody.1: $TEMPFILE is not removed and will clutter /tmp .

nethack-commonstable3.4.0-3.0woody1alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
nethack-commonupdates3.4.0-3.0woody3sparc
nethack-commonupdates3.4.0-3.0woody4alpha arm hppa i386 m68k mips mipsel powerpc s390
nethack-gnomestable3.4.0-3.0woody1alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
nethack-gnomeupdates3.4.0-3.0woody3sparc
nethack-gnomeupdates3.4.0-3.0woody4alpha arm hppa i386 m68k mips mipsel powerpc s390
nethack-qtstable3.4.0-3.0woody1alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
nethack-qtupdates3.4.0-3.0woody3sparc
nethack-qtupdates3.4.0-3.0woody4alpha arm hppa i386 m68k mips mipsel powerpc s390
nethack-x11stable3.4.0-3.0woody1alpha arm hppa i386 m68k mips mipsel powerpc s390 sparc
nethack-x11updates3.4.0-3.0woody3sparc
nethack-x11updates3.4.0-3.0woody4alpha arm hppa i386 m68k mips mipsel powerpc s390
nethackstable3.4.0-3.0woody1all source
nethackupdates3.4.0-3.0woody4all source

DSA 316 - buffer overflow, incorrect permissions

* Force a build with gcc-3.0 to fix compiler bug that caused invisible doors on alpha.

I hope that this does not introduce more unexpected "features".


MISSING sparc

nofflestable1.0.1-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
noffleupdates1.0.1-1.1.woody.2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

1.0.1-1.1:

DSA 244 - buffer overflows

1.0.1-1.1.woody.1:

* Fixed init script which broke new noffle installations, closes: #181283. Explanation: noffle was run as user root in /etc/init.d/noffle, and created a root-owned lock file, which prevented noffle from being run as user news from inetd, cron scripts, etc.

1.0.1-1.1.woody.2:

* Let noffle switch to news:news on startup when root is calling, prevents root exploits and bad ownerships in the spool directory, e.g. when running 'noffle --query' as root, closes: #168128.

libparted1.4-dbgstable1.4.24-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libparted1.4-dbgupdates1.4.24-4.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libparted1.4-devstable1.4.24-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libparted1.4-devupdates1.4.24-4.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libparted1.4-i18nstable1.4.24-4all
libparted1.4-i18nupdates1.4.24-4.woody.1all
libparted1.4stable1.4.24-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libparted1.4updates1.4.24-4.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
parted-bfstable1.4.24-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
parted-bfupdates1.4.24-4.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
parted-docstable1.4.24-4all
parted-docupdates1.4.24-4.woody.1all
partedstable1.4.24-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
partedupdates1.4.24-4.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

TODO: Why should this be added to Debian stable?

pcmcia-modules-2.4.18-bf2.4stable3.1.33-6k5i386
pcmcia-modules-2.4.18-bf2.4updates3.1.33-6woody1k5woody3i386

DSA 311 - several vulnerabilities

Depends: kernel-image-2.4.18-bf2.4 (= 2.4.18-5woody3)

kernel-image-2.4.18-i386bf is at version 2.4.18-5woody4

*Bummer*

phpmyadminstable2.2.3-1all source
phpmyadminupdates2.5.2-1woody2.1all source

* Stable security backport, closes: #203233.

* The upstream also fixes XSS vulnerabilities, information encoding weakness and transversal directory attack. This was mentioned in Debian.NEWS file only, not changelog.Debian file. See http://www.securityfocus.com/archive/1/325641. Closes: #203092.

* CVS fix: another patch for path disclosure problem.

* CVS fix: a user could not edit his own global privileges.

rinetdstable0.61-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
rinetdupdates0.61-1.1alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc source

DSA 289 - incorrect memory resizing


MISSING i386

seti-appletstable0.2.2-1.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
seti-appletupdates0.2.2-2alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source

* Added CFLAGS and CONFIG_FLAGS to find libgtop header files. (Closes: #140659)

* Fixed installation (Closes: #168930)

* Delete symlink on clean target, so that subsequent builds don't fail.

Amaya: The version in stable didn't build from source or install. This upload fixes that. No changes in the orignial package, just in the debian/ dir. No new features, no new bugs.


MISSING mipsel

tigerstable2.2.4-22alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
tigerupdates2.2.4-23alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Upload to the proposed-updates queue to be considered by the Release Manager. This version generated for the benefit of stable users (which are still encouraged to use 3.2 since it fixes many more bugs and can be backported easily, but still). This package fixes some open (and important) bugs including a security bug and also updates data (DSA listing) to latest available information. Bugs fixed:

* Fixed buffer overflow discovered by Steve Grub in realpath.c this might be able to be locally exploited if a user can make a _very_ long path in the system but it might be difficult to pull off local privilege escalation with this one. Still, worth fixing. The fix has been backported from the 3.2 version.

* Fixed the installation so all scripts are set as executable (I'm not incorporating all the Makefile changes done on 3.2 but it's now better) this has the side effect of now setting check_listeningprocs executable and properly installing check_sendmail (Closes: #157695, #172377)

* No longer depends on essential packages as per policy, since there are no known versioned dependancies (there are for the 3.x release) for any of them (Closes: #170461)

* Updated deb_advisories to include all the latest Debian Security Advisories so that the deb_checkadvisories check makes sense (was over a year out of date). Notice that, without this update the deb_checkadvisories is useless. This check is still useful for those running a system without internet access (i.e. cannot check updates at security.debian.org). If there is a new release of the CD images this might turn out useful for users updating through CD.

wgetstable1.8.1-6alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
wgetupdates1.8.1-6.1alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source

DSA 209 - directory traversal


MISSING mipsel

xaosstable3.0-23alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc source
xaosstable3.0-23.0.1s390
xaosupdates3.0-23woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc source

DSA 310 - improper setuid-root execution


MISSING s390

yabootstable1.3.6-1powerpc source
yabootupdates1.3.10-0woody1powerpc source

* Backport yaboot 1.3.10 to stable (See bug #190439).

- This is necessary to boot/install on recent Apple hardware.

- Ethan reports that the one line change between 1.3.9 and 1.3.10 is critical.

Rejected Packages

These packages don't meet the requirements and will be rejected (if katie supports that, otherwise we'll just carry them with us until the end of time).

cactistable0.6.7-2all source
cactiupdates0.6.7-4all source

Misc bugfixes, not applicable for Debian stable.

Overrides the security update

file-mmagicstable1.15-2source
file-mmagicupdates1.15-3woody1source
libfile-mmagic-perlstable1.15-2all
libfile-mmagic-perlupdates1.15-3woody1all

Removed invalid character in audio/x-wav.

Not applicable for Debian stable

galeon-commonstable1.2.5-0.woody.1all
galeon-commonupdates1.2.5-0.woody.3all
galeon-nautilusstable1.2.5-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
galeon-nautilusupdates1.2.5-0.woody.3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
galeonstable1.2.5-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc source
galeonupdates1.2.5-0.woody.3alpha arm hppa i386 ia64 m68k powerpc s390 sparc source

* Rebuild for woody against new mozilla package (closes: #188187)

Not needed due to rejected mozilla

gsstable6.53-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
gsupdates6.53-3.woody1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Rebuild the last changes for woody.

* Change build dependency back to libgimpprint-dev.

Not applicable for Debian stable

initrd-toolsstable0.1.32woody.3all source
initrd-toolsupdates0.1.32woody.5all source

* Load IDE PCI drivers if present.

* Handle ide module names from ac tree.

* Fixed merge errors in IDE change.

Doesn't seem applicable for Debian stable

* New upstream release.

Binary packages got lost anyway...

kernel-headers-2.2.25updates2.2.25-1alpha
kernel-image-2.2.25-alphaupdates2.2.25-1source
kernel-image-2.2.25-genericupdates2.2.25-1alpha
kernel-image-2.2.25-jensenupdates2.2.25-1alpha
kernel-image-2.2.25-nautilusupdates2.2.25-1alpha
kernel-image-2.2.25-smpupdates2.2.25-1alpha

* New upstream release.

. Fixes the ptrace security hole.

kernel-headers-2.2.25-compactupdates2.2.25-1i386
kernel-headers-2.2.25-idepciupdates2.2.25-1i386
kernel-headers-2.2.25updates2.2.25-1i386
kernel-image-2.2.25-compactupdates2.2.25-1i386
kernel-image-2.2.25-i386updates2.2.25-1source
kernel-image-2.2.25-idepciupdates2.2.25-1i386
kernel-image-2.2.25updates2.2.25-1i386

* New upstream release.

. Fixes the ptrace security hole.

kernel-headers-2.4.18-genericstable2.4.18-5.0.1alpha
kernel-headers-2.4.18-1-genericupdates2.4.18-10alpha
kernel-headers-2.4.18-smpstable2.4.18-5.0.1alpha
kernel-headers-2.4.18-1-smpupdates2.4.18-10alpha
kernel-headers-2.4.18stable2.4.18-5.0.1alpha
kernel-headers-2.4.18-1updates2.4.18-10alpha
kernel-image-2.4.18-alphastable2.4.18-5source
kernel-image-2.4.18-1-alphaupdates2.4.18-10source
kernel-image-2.4.18-genericstable2.4.18-5.0.1alpha
kernel-image-2.4.18-1-genericupdates2.4.18-10alpha
kernel-image-2.4.18-smpstable2.4.18-5.0.1alpha
kernel-image-2.4.18-1-smpupdates2.4.18-10alpha

DSA 358 - several vulnerabilities

The bugfix changed the modules ABI, so the package name is changed, but it is the same code + security patches only. However, then the packages cannot be updated unless all modules packages that depend on them were altered as well.

kernel-headers-2.4.18-386stable2.4.18-5i386
kernel-headers-2.4.18-1-386updates2.4.18-11i386
kernel-headers-2.4.18-586tscstable2.4.18-5i386
kernel-headers-2.4.18-1-586tscupdates2.4.18-11i386
kernel-headers-2.4.18-686-smpstable2.4.18-5i386
kernel-headers-2.4.18-1-686-smpupdates2.4.18-11i386
kernel-headers-2.4.18-686stable2.4.18-5i386
kernel-headers-2.4.18-1-686updates2.4.18-11i386
kernel-headers-2.4.18-k6stable2.4.18-5i386
kernel-headers-2.4.18-1-k6updates2.4.18-11i386
kernel-headers-2.4.18-k7stable2.4.18-5i386
kernel-headers-2.4.18-1-k7updates2.4.18-11i386
kernel-headers-2.4.18stable2.4.18-5i386
kernel-headers-2.4.18-1updates2.4.18-11i386
kernel-image-2.4.18-386stable2.4.18-5i386
kernel-image-2.4.18-1-386updates2.4.18-11i386
kernel-image-2.4.18-586tscstable2.4.18-5i386
kernel-image-2.4.18-1-586tscupdates2.4.18-11i386
kernel-image-2.4.18-686-smpstable2.4.18-5i386
kernel-image-2.4.18-1-686-smpupdates2.4.18-11i386
kernel-image-2.4.18-686stable2.4.18-5i386
kernel-image-2.4.18-1-686updates2.4.18-11i386
kernel-image-2.4.18-k6stable2.4.18-5i386
kernel-image-2.4.18-1-k6updates2.4.18-11i386
kernel-image-2.4.18-k7stable2.4.18-5i386
kernel-image-2.4.18-1-k7updates2.4.18-11i386
kernel-pcmcia-modules-2.4.18-386stable2.4.18-5i386
kernel-pcmcia-modules-2.4.18-1-386updates2.4.18-11i386
kernel-pcmcia-modules-2.4.18-586tscstable2.4.18-5i386
kernel-pcmcia-modules-2.4.18-1-586tscupdates2.4.18-11i386
kernel-pcmcia-modules-2.4.18-686-smpstable2.4.18-5i386
kernel-pcmcia-modules-2.4.18-1-686-smpupdates2.4.18-11i386
kernel-pcmcia-modules-2.4.18-686stable2.4.18-5i386
kernel-pcmcia-modules-2.4.18-1-686updates2.4.18-11i386
kernel-pcmcia-modules-2.4.18-k6stable2.4.18-5i386
kernel-pcmcia-modules-2.4.18-1-k6updates2.4.18-11i386
kernel-pcmcia-modules-2.4.18-k7stable2.4.18-5i386
kernel-pcmcia-modules-2.4.18-1-k7updates2.4.18-11i386

DSA 358 - several vulnerabilities

The bugfix changed the modules ABI, so the package name is changed, but it is the same code + security patches only. However, then the packages cannot be updated unless all modules packages that depend on them were altered as well.

kernel-image-2.4-genericupdates2.4.20-1woody.8alpha
kernel-image-2.4-smpupdates2.4.20-1woody.8alpha

* New upstream release.

* Added kernel-image-2.4-* packages.

* Added kernel-image udebs.

Some binary packages got lost anyway

kernel-build-2.4.19updates2.4.19-1arm
kernel-headers-2.4.19updates2.4.19-1arm
kernel-image-2.4.19-armupdates2.4.19-1source
kernel-image-2.4.19-lartupdates2.4.19-1arm
kernel-image-2.4.19-netwinderupdates2.4.19-1arm
kernel-image-2.4.19-riscpcupdates2.4.19-1arm
kernel-image-2.4.19-riscstationupdates2.4.19-1arm
kernel-image-2.4.19-sharkupdates2.4.19-1arm

* Initial upload to build the various ARM kernel-images from one package, much like it is done for i386.

* Makefile.diff works around too long argument lists

* Makefile_scsi.diff adds scsi_error.o and scsi_ioctl.o to export-objs in drivers/scsi/Makefile

* Makefile_scsi_ioctl.patch exports a needed symbol for the netwinder images to resolve some undefined references in the scsi modules

* get_lost_old_nettrom.patch quick and dirty hack so that CATS can boot

* ptrace.patch fixes the ptrace vulnerability

New packages

kernel-image-2.4-386updates2.4.20-3woody.7i386
kernel-image-2.4-586tscupdates2.4.20-3woody.7i386
kernel-image-2.4-686-smpupdates2.4.20-3woody.7i386
kernel-image-2.4-686updates2.4.20-3woody.7i386
kernel-image-2.4-k6updates2.4.20-3woody.7i386
kernel-image-2.4-k7-smpupdates2.4.20-3woody.7i386
kernel-image-2.4-k7updates2.4.20-3woody.7i386

* New upstream release.

* Renamed packet-socket udeb to socket-modules.

* Added unix.o to socket-modules.

* Added aacraid to scsi-modules udeb.

* Added pcnet32 to nic-modules-extra.

* Added kernel-image-2.4-* packages.

* Enabled CONFIG_ACPI as a module.

* Enabled HIGHMEM4G on 686, 686-smp and k7.

* Enabled CONFIG_IDEDMA_PCI_AUTO.

* Added k7-smp flavour.

* Added floppy-modules udeb.

* Enabled CONFIG_AIC7XXX_PROBE_EISA_VL.

* Call dh_installdocs for kernel-pcmcia-modules.

* Enabled sunhme.

* Updated dependency versioned on initrd-tools since 2.4.19 broke modprobe inside the initrd.

* Moved udebs to standalone source package.

* Fixed i386 lcall DoS (Petr Vandrovec).

Junichi says: that leaves ALSA etc. modules out of sync, doesn't it? There are several module packages that would be made uninstallable if you remove those kernel packages.

Hence, we'll need to wait for all modules packages to appear as well until the kernel may be installed.

Packages to remove: remove kernel-image-2.4.16-i386_2.4.16-1_i386.changes remove kernel-image-2.4.18-i386_2.4.18-5_i386.changes

New packages

Some included packages got lost anyway

kernel-headers-2.4.19updates2.4.19-0.woody.2s390
kernel-image-2.4.19-s390updates2.4.19-0.woody.2s390 source

* New upstream release.

* Replaced 2.4.17-patches by the initial 2.4.19-patch from the IBM Developerworks website (released on 2002.09.13). This patch includes the source code for the qdio I/O-driver which was only available as object code only module so far, and support for the new zSeries FCP attachment for SCSI.

* Integrated a new kernel-patch from the IBM Developerworks website which fixes a lot of problems (released on 2002.10.24).

* Integrated the kerntypes patch from the IBM Developerworks website (released on 2002.09.13).

* Integrated the on-demand timer patch from the IBM Developerworks website (released on 2002.10.24).

* Ported the ramdisk-patch to apply on 2.4.19-kernel-source (port by Bastian Blank <waldi@debian.org>).

* Ported the cmsfs-patch to apply on 2.4.19-kernel-source (port by Bastian Blank <waldi@debian.org>).

* Removed ksyms-fix-patch (not needed any longer).

* Removed s390-tape-.udeb.

New packages

kernel-image-2.4-genericupdates2.4.20-1woody.8alpha
kernel-image-2.4-smpupdates2.4.20-1woody.8alpha
kernel-image-2.4-wildfireupdates2.4.20-1woody.8alpha

* Rebuilt against kernel-source 2.4.20-3woody.3.

. Fixed ptrace security hole.

. Changed modules ABI. New packages

Some binary packages got lost anyway

kernel-image-2.4-386updates2.4.20-3woody.7i386
kernel-image-2.4-586tscupdates2.4.20-3woody.7i386
kernel-image-2.4-686-smpupdates2.4.20-3woody.7i386
kernel-image-2.4-686updates2.4.20-3woody.7i386
kernel-image-2.4-k6updates2.4.20-3woody.7i386
kernel-image-2.4-k7-smpupdates2.4.20-3woody.7i386
kernel-image-2.4-k7updates2.4.20-3woody.7i386

* Rebuilt against kernel-source 2.4.20-3woody.2.

. Fixed ptrace security hole.

. Changed modules ABI. New packages

Some binary packages got lost anyway

kernel-build-2.4.20-2updates2.4.20-1woody.10alpha
kernel-headers-2.4.20-2updates2.4.20-1woody.10alpha
kernel-image-2.4-wildfireupdates2.4.20-1woody.10alpha
kernel-image-2.4.20-2-alphaupdates2.4.20-1woody.10source
kernel-image-2.4.20-2-genericupdates2.4.20-1woody.10alpha
kernel-image-2.4.20-2-smpupdates2.4.20-1woody.10alpha
kernel-image-2.4.20-2-wildfireupdates2.4.20-1woody.10alpha

New packages

* Modify System.map for modutils << 2.4.17.

* Rebuilt against kernel-source 2.4.20-3woody.5.

. Fixed hashing exploits in network stack (David S. Miller).

* Changed modules ABI.

* Rebuilt against kernel-source 2.4.20-3woody.6.

. Fixed TIOCCONS and writing to /dev/console.

. Fixed hashing exploits in fragment processing.

* Rebuilt against kernel-source 2.4.20-3woody.7.

. Made /proc/tty/driver root-only (CAN-2003-0461).

. Fixed exec file handling semantics (CAN-2003-0462, CAN-2003-0476).

. Fixed sunrpc UDP reuse bug in net/sunrpc/svcsock.c (CAN-2003-0464).

. Fixed unchecked copy_to_user in fs/proc/proc_misc.c.

. Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).

. Fixed bridging security issues (CAN-2003-055[012]).

* Rebuilt against kernel-source 2.4.20-3woody.10.

. Fixed signed comparison in fs/nfsd/nfs3xdr.c.

kernel-build-2.4.20-2updates2.4.20-3woody.9i386
kernel-headers-2.4.20-2updates2.4.20-3woody.9i386
kernel-image-2.4-386updates2.4.22-2woody.1i386
kernel-image-2.4-586tscupdates2.4.22-2woody.1i386
kernel-image-2.4-686-smpupdates2.4.22-2woody.1i386
kernel-image-2.4-686updates2.4.22-2woody.1i386
kernel-image-2.4-k6updates2.4.22-2woody.1i386
kernel-image-2.4-k7-smpupdates2.4.22-2woody.1i386
kernel-image-2.4-k7updates2.4.22-2woody.1i386
kernel-image-2.4.20-2-386updates2.4.20-3woody.9i386
kernel-image-2.4.20-2-586tscupdates2.4.20-3woody.9i386
kernel-image-2.4.20-2-686-smpupdates2.4.20-3woody.9i386
kernel-image-2.4.20-2-686updates2.4.20-3woody.9i386
kernel-image-2.4.20-2-i386updates2.4.20-3woody.9source
kernel-image-2.4.20-2-k6updates2.4.20-3woody.9i386
kernel-image-2.4.20-2-k7-smpupdates2.4.20-3woody.9i386
kernel-image-2.4.20-2-k7updates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-386updates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-586tscupdates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-686-smpupdates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-686updates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-k6updates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-k7-smpupdates2.4.20-3woody.9i386
kernel-pcmcia-modules-2.4.20-2-k7updates2.4.20-3woody.9i386

New packages

* Reverted initrd location change that crept in.

* Rebuilt against kernel-source 2.4.20-3woody.5.

. Fixed TSS I/O bitmap initialisation in arch/i386/kernel/ioport.c.

. Fixed hashing exploits in network stack (David S. Miller).

* Changed modules ABI.

* Rebuilt against kernel-source 2.4.20-3woody.6.

. Fixed mxcsr security hole in arch/i386/kernel/i387.c.

. Fixed TIOCCONS and writing to /dev/console.

. Fixed hashing exploits in fragment processing.

* Rebuilt against kernel-source 2.4.20-3woody.7.

. Made /proc/tty/driver root-only (CAN-2003-0461).

. Fixed exec file handling semantics (CAN-2003-0462, CAN-2003-0476).

. Fixed sunrpc UDP reuse bug in net/sunrpc/svcsock.c (CAN-2003-0464).

. Fixed unchecked copy_to_user in fs/proc/proc_misc.c.

. Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).

. Fixed bridging security issues (CAN-2003-055[012]).

* Rebuilt against kernel-source 2.4.20-3woody.10.

. Fixed signed comparison in fs/nfsd/nfs3xdr.c

* Rebuilt against kernel-source 2.4.20-3woody.11.

. Fixed steal_locks race.

...

kernel-build-2.4.20-2updates2.4.20-1woody.8alpha
kernel-headers-2.4.20-2updates2.4.20-1woody.8alpha
kernel-image-2.4-genericupdates2.4.20-1woody.8alpha
kernel-image-2.4-smpupdates2.4.20-1woody.8alpha
kernel-image-2.4-wildfireupdates2.4.20-1woody.8alpha
kernel-image-2.4.20-2-alphaupdates2.4.20-1woody.8source
kernel-image-2.4.20-2-genericupdates2.4.20-1woody.8alpha
kernel-image-2.4.20-2-smpupdates2.4.20-1woody.8alpha
kernel-image-2.4.20-2-wildfireupdates2.4.20-1woody.8alpha

* New upstream release.

* Enabled LEGACY_START_ADDRESS in generic image.

* Added UP wildfire flavour.

* Depend on initrd-tools 0.1.32woody.1 so that TGA FB can be load correctly.

* Moved udebs to standalone source package.

* Consolidated flavoured kernel header packages into one.

* Disabled EPATC8 by default (see i386).

* Disabled CONFIG_NET_SCH_INGRESS (see i386).

* Options disabled on wildfire since they do not compile:

. CONFIG_ISTALLION

. CONFIG_SOUND_VIA82CXXX

* Disabled CONFIG_INET_ECN again.

* Rebuilt against kernel-source 2.4.20-3woody.1.

* Fixed ethernet packet padding information leak (2.4ac, see #176178):

* Rebuilt against kernel-source 2.4.20-3woody.11.

. Fixed steal_locks race.

New packages

kernel-image-2.4-386updates2.4.20-3woody.7i386
kernel-image-2.4-586tscupdates2.4.20-3woody.7i386
kernel-image-2.4-686-smpupdates2.4.20-3woody.7i386
kernel-image-2.4-686updates2.4.20-3woody.7i386
kernel-image-2.4-k6updates2.4.20-3woody.7i386
kernel-image-2.4-k7-smpupdates2.4.20-3woody.7i386
kernel-image-2.4-k7updates2.4.20-3woody.7i386

* New upstream release.

* Reenabled CONFIG_VIDEO_SELECT since CONFIG_VIDEO_VESA is now conditional.

* Moved udebs to standalone source package.

* Enabled CONFIG_HOTPLUG_PCI_ACPI.

* Enabled CONFIG_VESA_FB as a module.

* Depend on initrd-tools 0.1.32woody.1 so that VESA FB can be loaded correctly.

* Disabled EPATC8 by default.

* Disabled CONFIG_NET_SCH_INGRESS.

* Consolidated flavoured kernel header packages into one.

* Disabled CONFIG_INET_ECN again.

* Rebuilt against kernel-source 2.4.20-3woody.1.

* Fixed ethernet packet padding information leak (2.4ac, see #176178):

Some binary package got lost anyway

kernel-headers-2.4.20-bf2.4updates2.4.20-5i386
kernel-image-2.4.20-bf2.4updates2.4.20-5i386
kernel-image-2.4.20-i386bfupdates2.4.20-5source
kernel-pcmcia-modules-2.4.20-bf2.4updates2.4.20-5i386

* compiled selected NIC drivers monolithically, to aid PXE booting for on-board NIC's (Closes: #178556)

* Added EHCI (USB 2.0) module support (Closes: #183894)

* Removed automatic pcmcia (external) module build, it does not work properly.

New packages

kernel-build-2.4.22-2updates2.4.22-2woody.1alpha
kernel-headers-2.4.22-2-genericupdates2.4.22-2woody.1alpha
kernel-headers-2.4.22-2-smpupdates2.4.22-2woody.1alpha
kernel-headers-2.4.22-2updates2.4.22-2woody.1alpha
kernel-image-2.4-genericupdates2.4.22-2woody.1alpha
kernel-image-2.4-smpupdates2.4.22-2woody.1alpha
kernel-image-2.4.22-2-genericupdates2.4.22-2woody.1alpha
kernel-image-2.4.22-2-smpupdates2.4.22-2woody.1alpha
kernel-image-2.4.22-alphaupdates2.4.22-2woody.1source

New packages

kernel-build-2.4.22-2updates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-386updates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-586tscupdates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-686-smpupdates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-686updates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-k6updates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-k7-smpupdates2.4.22-2woody.1i386
kernel-headers-2.4.22-2-k7updates2.4.22-2woody.1i386
kernel-headers-2.4.22-2updates2.4.22-2woody.1i386
kernel-image-2.4-386updates2.4.22-2woody.1i386
kernel-image-2.4-586tscupdates2.4.22-2woody.1i386
kernel-image-2.4-686-smpupdates2.4.22-2woody.1i386
kernel-image-2.4-686updates2.4.22-2woody.1i386
kernel-image-2.4-k6updates2.4.22-2woody.1i386
kernel-image-2.4-k7-smpupdates2.4.22-2woody.1i386
kernel-image-2.4-k7updates2.4.22-2woody.1i386
kernel-image-2.4.22-2-386updates2.4.22-2woody.1i386
kernel-image-2.4.22-2-586tscupdates2.4.22-2woody.1i386
kernel-image-2.4.22-2-686-smpupdates2.4.22-2woody.1i386
kernel-image-2.4.22-2-686updates2.4.22-2woody.1i386
kernel-image-2.4.22-2-k6updates2.4.22-2woody.1i386
kernel-image-2.4.22-2-k7-smpupdates2.4.22-2woody.1i386
kernel-image-2.4.22-2-k7updates2.4.22-2woody.1i386
kernel-image-2.4.22-i386updates2.4.22-2woody.1source
kernel-pcmcia-modules-2.4-386updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4-586tscupdates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4-686-smpupdates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4-686updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4-k6updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4-k7-smpupdates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4-k7updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-386updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-586tscupdates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-686-smpupdates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-686updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-k6updates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-k7-smpupdates2.4.22-2woody.1i386
kernel-pcmcia-modules-2.4.22-2-k7updates2.4.22-2woody.1i386

New packages

kernel-headers-2.4.20-sparcupdates26.potato.1all
kernel-image-2.4.20-sun4u-smpupdates26.potato.1sparc
kernel-image-2.4.20-sun4uupdates26.potato.1sparc
kernel-image-sparc-2.4stable26source
kernel-image-sparc-2.4updates26.potato.1source

New packages

* Compile against newer kernel source for ptrace fix.

* Added UltraSPARC I HME ethernet patch.

Hmm, potato?

Why does this add new binary packages?

kernel-patch-2.4-netwinderupdates20030226-1source
kernel-patch-2.4.19-netwinderupdates20030226-1all

* Initial release of the netwinder patch.

* it's the armlinux_2_4 tree from netwinder.org CVS

New packages

kernel-patch-2.4-rmkupdates20021025-1source
kernel-patch-2.4.19-rmk4updates20021025-1all

* Initial release of the rmk kernel patch series.

* Backed out the changes to the EXTRAVERSION string in the main Makefile.

* Removed a patch which corrects a comment to include/asm-arm/socket.h but which is already corrected in the kernel-source package.

New packages

kernel-patch-2.4.19-riscstationupdates20030108all source

* Initial release of the riscstation specific patch

New packages

kernel-patch-2.4.19-s390updates0.0.20021024-0.woody.1all source

* New upstream release.

* Replaced 2.4.17-patches by the initial 2.4.19-patch from the IBM Developerworks website (released on 2002.09.13). This patch includes the source code for the qdio I/O-driver which was only available as object code only module so far, and support for the new zSeries FCP attachment for SCSI.

* Integrated a new kernel-patch from the IBM Developerworks website which fixes a lot of problems (released on 2002.10.24).

* Integrated the kerntypes patch from the IBM Developerworks website (released on 2002.09.13).

* Integrated the on-demand timer patch from the IBM Developerworks website (released on 2002.10.24).

* Ported the ramdisk-patch to apply on 2.4.19-kernel-source (port by Bastian Blank <waldi@debian.org>).

* Ported the cmsfs-patch to apply on 2.4.19-kernel-source (port by Bastian Blank <waldi@debian.org>).

* Removed ksyms-fix-patch (not needed any longer).

New package

Gerhard Tonn: as long as the kernel image 2.4.19 for s390 hasn't been accepted, the kernel-patch for 2.4.17 shouldn't be removed.

Joey: There is no kernel image 2.4.19 for s390 yet, hence postponing.

kernel-patch-2.4.19-sharkupdates20030107all source

* Initial release of the shark specific patch

New package

kernel-patch-usagistable0.0.20020401-1all source
kernel-patch-usagiupdates0.0.20020401-2all source

* Fix reject in patching process. (closes: Bug#194908)

* Port to latest kernel-source-2.2.22.

Not suited for Debian stable

kernel-doc-2.2.25updates2.2.25-1all
kernel-source-2.2.25updates2.2.25-1all source

* New upstream release.

. Fixes the ptrace security hole.

New packages

* Fixed i386 lcall DoS (Petr Vandrovec).

Binary package got lost anyway.

Junichi says: that leaves ALSA etc. modules out of sync, doesn't it? There are several module packages that would be made uninstallable if you remove those kernel packages. Hence, we'll need to wait for all modules packages to appear as well until the kernel may be installed.

kernel-doc-2.4.20updates2.4.20-3woody.13all
kernel-source-2.4.20updates2.4.20-3woody.13all source

New packages

kernel-doc-2.4.22updates2.4.22-2woody.1all
kernel-patch-debian-2.4.22updates2.4.22-2woody.1all
kernel-source-2.4.22updates2.4.22-2woody.1all source
kernel-tree-2.4.22updates2.4.22-2woody.1all

New packages

libpam-pwdfilestable0.6-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
libpam-pwdfileupdates0.98-0woody1mipsel
libpam-pwdfileupdates0.98-0woody2alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source

Rebuild under Woody. Hopefully this revision will be included in the upcoming Debian GNU/Linux 3.0r2 release, as the existing package is completely broken.

New upstream version, quite different from the version in woody, absolutely not suited for Debian stable.

Also maintainer asked to disregard the request of including the update in Debian stable.


MISSING mipsel

logcheck-databasestable1.1.1-13.1all
logcheck-databaseupdates1.1.1-13.5.woody.0all
logcheckstable1.1.1-13.1all source
logcheckupdates1.1.1-13.5.woody.0all source
logtailstable1.1.1-13.1all
logtailupdates1.1.1-13.5.woody.0all

* Upload of the old code base to stable as the fixes from my NMUs (1.1.1-13.2 though 1.1.1-13.5) should be included in woody. The bugs closed in this upload have all been filed since woody was released.

* Does not remove /var/lib/logcheck in the postinst. (closes: #152172, #165863)

* Now creates a temporary directory and removes it after each run. (closes: #162041)

* The ignore files are now cleaned into the temporary directory. (closes: #154624)

* Backport fix from unstable branch to reduce logtail's memory usage (ref #175546)

* Removed manpages for logcheck & logtail that were added in 1.1.1-13.2.

Not applicable for Debian stable

lvm-commonstable1.5.5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
lvm-commonupdates1.5.6woodyalpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Move startup script to S26 so it happens after RAID startup Closes: #187198

mew-binstable1:2.2-3alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mew-binupdates1:2.2-3.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mewstable1:2.2-3all source
mewupdates1:2.2-3.1all source

* NMU to fix potential security hole.

* mew-smtp.el (mew-smtp-insert-file): Don't send an old message buffer to other recipient by accident. mew-smtp-insert-file removes an old message buffer if exists. backport from Mew 3.0.69 by Tatsuya Kinoshita <tats@vega.ocn.ne.jp> closes: Bug#186086

This problem has not been agreed to justify a security update for Debian stable

libnspr-devstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnspr-devupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnspr4stable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnspr4updates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnss-devstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnss-devupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnss3stable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
libnss3updates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-browserstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-browserupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-chatzillastable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-chatzillaupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-devstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-devupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-dom-inspectorstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-dom-inspectorupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-js-debuggerstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-js-debuggerupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-mailnewsstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-mailnewsupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-psmstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-psmupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-xmltermstable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozilla-xmltermupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc
mozillastable2:1.0.0-0.woody.1alpha arm hppa i386 ia64 m68k powerpc s390 sparc source
mozillaupdates2:1.0.2-3alpha arm hppa i386 ia64 m68k powerpc s390 sparc source

New upstream version

mozilla-locale-de-atstable1.0.0-0all source
mozilla-locale-de-atupdates1.0.2-1all source

New upstream release

libmysqlclient10-devstable3.23.49-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmysqlclient10-devupdates3.23.51-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmysqlclient10stable3.23.49-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
libmysqlclient10updates3.23.51-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mysql-clientstable3.23.49-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mysql-clientupdates3.23.51-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mysql-commonstable3.23.49-8all
mysql-commonupdates3.23.51-1woody5all
mysqlstable3.23.49-8source
mysql-dfsgupdates3.23.51-1woody5source
mysql-serverstable3.23.49-8alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
mysql-serverupdates3.23.51-1woody5alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc

* many changes, and new upstream versions

* SECURITY: Applied fix for DSA-212 that was applied to version 3.23.49-8.2, too.

Christian Hammers explained that 3.23.50 contains a fix against a bug resulting in a segementation fault which "lets all mysql programs including perl scripts etc. segfault when using the read_default_group() function", that was fixed upstream. 3.23.51 also has some scripts changed. However, that function seems to be used not very frequently, so it's a minor bug.

The current problems with 3.23.51 is that the original 3.23.49 package was created a bit ugly and has a too big diff file and the 3.23.51 had to be split up in mysql-dfsg and mysql-nonfree due to license problems that were not yet aware when releasing 3.23.49 (only the docs are not 100% GPL).

Creating a diff through both versions is not possible. Many differences are made in documentation and file locations, and the source package was renamed as well. I'm not convinced this should go into stable.

Maintainer, security team and stable release manager decided to withdraw this version and let the security update enter stable afterwards.

pcmcia-modules-2.4.20-bf2.4updates3.1.33-6k1i386

* Built for kernel-image-2.4.20-bf2.4.

qpopper-dracstable4.0.4-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
qpopper-dracupdates4.0.4-2.woody.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
qpopperstable4.0.4-2.woody.1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
qpopperupdates4.0.4-2.woody.4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

4.0.4-2.woody.3: DSA 259 - mail user privilege escalation

4.0.4-2.woody.4: Fix wrong XTND XMIT directory. (closes:Bug#192387), not applicable for Debian stable

replicatorstable2.1.0i386 source
replicatorupdates2.9i386 source

* repli-sync works (closes: #106311)

* now works with woody (closes: #155656)

* this release contains all bugfixes up to version 3.0-2

* documentation updated to reflect woody support

* bugfixe : parsing of @networks

* /etc/replicator* removed from exlude list

* $mkfs added to choose filesystem on target

* repli-dialog show the name of installation device and $mkfs

* better handling of kernel keymap (woody compliant)

* when partitionning, the first 512 bytes of the partitions are filed with 0 (Bertrand Louis-Lucas)

* moved all scripts to /usr/sbin (on miniroot-server and in miniroot) : closes #106311

* closes: #112557

Not applicable for Debian stable

ssedstable3.57a-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
ssedupdates3.60-1.1woodyalpha hppa i386 ia64 m68k mips mipsel powerpc s390 source

New upstream version.

* Rebuild with stable chroot (the previous upload was built on testing by mistake) (Closes: #202062).


MISSING arm
MISSING sparc

subterfuguestable0.2.1a-1i386 source
subterfugueupdates0.2.1a-1.2i386 source

* Add many more syscalls. This is needed to run on newer 2.4 kernels, and since a 2.4 kernel is required to run the program at all, this is important. The old version crashes and burns if used under a newish 2.4 kernel. Release manager, please consider this for an update. (Closes: Bug#192733)

* update MAXCALLNUMBER.

tilpstable5.03-1alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
tilpupdates5.03-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Fixed postrm script to not barf on purge (closes: Bug#153718).

* Fixed segfault when opening a directory not readable by user.

* Fixed permissions on newly-created directories (closes: Bug#153517).

webmin-apachestable0.94-7all
webmin-apacheupdates0.94-11all
webmin-bind8stable0.94-7all
webmin-bind8updates0.94-11all
webmin-burnerstable0.94-7all
webmin-burnerupdates0.94-11all
webmin-cluster-softwarestable0.94-7all
webmin-cluster-softwareupdates0.94-11all
webmin-cluster-useradminstable0.94-7all
webmin-cluster-useradminupdates0.94-11all
webmin-corestable0.94-7all
webmin-coreupdates0.94-11all
webmin-cpanstable0.94-7all
webmin-cpanupdates0.94-11all
webmin-dhcpdstable0.94-7all
webmin-dhcpdupdates0.94-11all
webmin-exportsstable0.94-7all
webmin-exportsupdates0.94-11all
webmin-fetchmailstable0.94-7all
webmin-fetchmailupdates0.94-11all
webmin-grubstable0.94-7i386
webmin-grubupdates0.94-11i386
webmin-heartbeatstable0.94-7all
webmin-heartbeatupdates0.94-11all
webmin-inetdstable0.94-7all
webmin-inetdupdates0.94-11all
webmin-jabberstable0.94-7all
webmin-jabberupdates0.94-11all
webmin-lpadminstable0.94-7all
webmin-lpadminupdates0.94-11all
webmin-monstable0.94-7all
webmin-monupdates0.94-11all
webmin-mysqlstable0.94-7all
webmin-mysqlupdates0.94-11all
webmin-nisstable0.94-7all
webmin-nisupdates0.94-11all
webmin-postfixstable0.94-7all
webmin-postfixupdates0.94-11all
webmin-postgresqlstable0.94-7all
webmin-postgresqlupdates0.94-11all
webmin-pppstable0.94-7all
webmin-pppupdates0.94-11all
webmin-qmailadminstable0.94-7all
webmin-qmailadminupdates0.94-11all
webmin-quotastable0.94-7all
webmin-quotaupdates0.94-11all
webmin-raidstable0.94-7all
webmin-raidupdates0.94-11all
webmin-sambastable0.94-7all
webmin-sambaupdates0.94-11all
webmin-sendmailstable0.94-7all
webmin-sendmailupdates0.94-11all
webmin-softwarestable0.94-7all
webmin-softwareupdates0.94-11all
webmin-squidstable0.94-7all
webmin-squidupdates0.94-11all
webmin-sshdstable0.94-7all
webmin-sshdupdates0.94-11all
webmin-sslupdates0.94-11all
webmin-statusstable0.94-7all
webmin-statusupdates0.94-11all
webmin-stunnelstable0.94-7all
webmin-stunnelupdates0.94-11all
webmin-wuftpdstable0.94-7all
webmin-wuftpdupdates0.94-11all
webmin-xinetdstable0.94-7all
webmin-xinetdupdates0.94-11all
webminstable0.94-7all source
webminupdates0.94-11all source

0.94-7woody1: DSA 319 - session ID spoofing

0.94-10:

* -8 and -9 were never uploaded.

* Improved the generation of the self-signed certificate to make it unique to the server it is being generated on.

* Permissions for config files are tightened up. (Closes: #183181)

* Explicitly set shell to /bin/bash in debian/rules so as not to cause problems for people who have a non-standard /bin/sh. Thanks again to Corey Wright for the patch.

* webmin-dhcp: Path to dhcpd.leases corrected. (Closes: #153820)

* webmin-postfix" Labels show up in module again (Closes: #150963)

* Undid all the mess caused by the last backport: foreign_require() in web-lib.pl should work properly now. The patch mentioned in the bug isn't necessary. (Closes: #178005) This also means scanning for servers should work again. (Closes:#156529)

* webmin-Squid: module no longer causes errors which make changing passwords fail. (Closes: #152292)

* webmin-quota: module doesn't cause undefined subroutine error (actually due to the bug in web-lib.pl.) (Closes: #159610)

* Allow colons in passwords. (Closes: #186110) Thanks Corey Wright.

0.94-10:

* webmin: added missing dependency on openssl (Closes: #202678)

* webmin-sendmail: fixed path to sendmail PID file. (Closes: #201085)

Too many changes, normal bugfixes are not suited for stable Debian releases.

xsanestable0.84-2alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
xsaneupdates0.84-4alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source

* Fix the fix : debian/control is copied at build time from control.xsane... Please see the previous entry for details...

Disclaimer

This list intends to help the ftp-masters releasing 3.0r2. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>.
Last updated 2003/11/21 11:15 MET