[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

2.1r6 on the way...

On Tue, 11 Apr 2000, J.A. Bezemer wrote:

> For the generation of the Official Debian CD images the following things are
>  1) Install slink-proposed-updates/w3-el* in the main slink archive
>  2) Install anything waiting on security.debian.org (latest is mtr_0.28-1,
>     which has not yet been installed, since 9 March!)
>  3) Make a note in slink/ChangeLog that version 2.1r6 (!!!!) has been
>     released NOW.


I've attached the list of packages that should go in 2.1r6... Can the
alpha people please compile the 5 remaining packages? (I'm currently
compiling them on sparc).


"Si ca sent bon : mange-le, sinon pisse dessus..."  [Proverbe chien]
List of packages likely to be included in the next slink update (2.1r6)

In Incoming:

Security updates:
  [Vincent 2000/04/11]
  package      : roxen
  version      : 1.2beta2-3.1
  architectures: i386 m68k [ALPHA SPARC MISSING]
  issue        : Security fix - html encoding the output of the tags
                 referer, accept-language, clientname, file
                 Attacker can include code to be parsed by the server

  [Vincent 2000/04/11]
  package      : floppybackup
  version      : 1.3-2
  architectures: i386 m68k [ALPHA SPARC MISSING]
  issue        : Security Fix - fixed temporary file use

  [Vincent 2000/04/11]
  package      : mysql
  version      : 3.21.33b-4
  architectures: i386 m68k [ALPHA SPARC MISSING]
  issue        : Applied the official patch regarding the recently announced security
                 hole that allowed everybody who's host is allowed to connect to the
                 db to guess the password of an existing user with less than 40 tries.

  [Vincent 2000/04/11]
  package      : mtr
  version      : 0.28-1
  architectures: i386 m68k [ALPHA SPARC MISSING]
  issue        : Security fix for theoretical stack-smash-and-fork attack -
                 s/seteuid/setuid/ in mtr.c

  [Vincent 2000/04/11]
  package      : nmh
  version      : 0.27-0.28-pre8-4
  architectures: i386 m68k [ALPHA SPARC MISSING]
  issue        : Applied patch to fix security hole which allowed untrusted shell
                 code to be executed.

  [Vincent 2000/04/11]
  package      : htdig
  version      : 3.1.5-0.1
  architectures: alpha i386 m68k sparc
  issue        : Remote users could abuse htsearch and read files they should not
                 be able to read

Y2K updates:
  *none so far*

Other updates:
  [Vincent 2000/04/11]
  package      : w3-el
  version      : 4.0pre.23-5
  architectures: all
  issue        : updated to match updated emacs in 2.1r5.

  [Vincent 2000/04/11]
  package      : mirror
  version      : 2.9-13slink16
  architectures: all
  issue        : corrected the dependancies.

Reply to: