2.1r6 on the way...
On Tue, 11 Apr 2000, J.A. Bezemer wrote:
> For the generation of the Official Debian CD images the following things are
> of CRITICAL IMPORTANCE:
>
> 1) Install slink-proposed-updates/w3-el* in the main slink archive
>
> 2) Install anything waiting on security.debian.org (latest is mtr_0.28-1,
> which has not yet been installed, since 9 March!)
>
> 3) Make a note in slink/ChangeLog that version 2.1r6 (!!!!) has been
> released NOW.
Ok,
I've attached the list of packages that should go in 2.1r6... Can the
alpha people please compile the 5 remaining packages? (I'm currently
compiling them on sparc).
Cordialement,
--
"Si ca sent bon : mange-le, sinon pisse dessus..." [Proverbe chien]
List of packages likely to be included in the next slink update (2.1r6)
=======================================================================
In Incoming:
Security updates:
[Vincent 2000/04/11]
package : roxen
version : 1.2beta2-3.1
architectures: i386 m68k [ALPHA SPARC MISSING]
issue : Security fix - html encoding the output of the tags
referer, accept-language, clientname, file
Attacker can include code to be parsed by the server
[Vincent 2000/04/11]
package : floppybackup
version : 1.3-2
architectures: i386 m68k [ALPHA SPARC MISSING]
issue : Security Fix - fixed temporary file use
[Vincent 2000/04/11]
package : mysql
version : 3.21.33b-4
architectures: i386 m68k [ALPHA SPARC MISSING]
issue : Applied the official patch regarding the recently announced security
hole that allowed everybody who's host is allowed to connect to the
db to guess the password of an existing user with less than 40 tries.
[Vincent 2000/04/11]
package : mtr
version : 0.28-1
architectures: i386 m68k [ALPHA SPARC MISSING]
issue : Security fix for theoretical stack-smash-and-fork attack -
s/seteuid/setuid/ in mtr.c
[Vincent 2000/04/11]
package : nmh
version : 0.27-0.28-pre8-4
architectures: i386 m68k [ALPHA SPARC MISSING]
issue : Applied patch to fix security hole which allowed untrusted shell
code to be executed.
[Vincent 2000/04/11]
package : htdig
version : 3.1.5-0.1
architectures: alpha i386 m68k sparc
issue : Remote users could abuse htsearch and read files they should not
be able to read
Y2K updates:
*none so far*
Other updates:
[Vincent 2000/04/11]
package : w3-el
version : 4.0pre.23-5
architectures: all
issue : updated to match updated emacs in 2.1r5.
[Vincent 2000/04/11]
package : mirror
version : 2.9-13slink16
architectures: all
issue : corrected the dependancies.
Reply to: