RfD: Preparing Debian 2.1r3
Hi folks,
I'm preparing another subrelease of Slink alias Debian 2.1. It will
be called Debian 2.1r3. Only security-related or very important
updates will make it into another stable release. The
proposed-updates directory contains about 150MB of packages. Not all
of them are accepted.
Please take a look at the packages listed below and tell us your
comments if you disagree with our selection.
1. Packages selected for stable
-------------------------------
These packages will go into stable if we don't receive objections.
package: remembrance-agent
version: 1.41-6
architectures: source, i386, m68k, alpha, sparc
update type: copyright
move to non-free (needs ftpmaster intervention for the overridefile)
package: lpr
version: 1:0.33-3
architectures: m68k
update type: security
security-fix (switch to different lpr fork with a better codebase)
m68k had the wrong version
package: termcap-compat
version: 1.1.1.1.0slink1
architectures: source, alpha, i386, m68k, sparc
update type: security
fixes buffer overflow
package: cfingerd
version: 1.3.2-18.1
architectures: source, alpha, i386, m68k, sparc
update type: security
backported securityfix
package: epic
version: pre2.003-0slink2
architectures: source, i386, m68k, alpha, sparc
update type: security
potential DoS in the ANSI parser
package: epic-help
version: pre2.003-0slink1
architectures: source, all
update type: semi-security
documentation for epic fix
package: mailman
version: 1.0rc2-5
architectures: source, alpha, i386, m68k, sparc
update type: security
fixed version of security-fix (remote exploit iirc)
package: apt
version: 0.3.11
architectures: source, i386, m68k, alpha, sparc
update type: upgrade/install updates
fixes a bunch of bugs, probably very useful for people doing upgrades.
Check with Jason on how to fix the apt-removes-bash-bug first though
package: imap
version: 4.5-0slink3
architectures: source, alpha, m68k, sparc, i386
update type: security
fixed security-fix for remote exploit
package: exim
version: 2.05-2
architectures: source, i386, m68k, alpha
update type: grave bug
fix two major bugs in slink version, one of which caused mail lossage
package: isdnutils
version: 1:3.0-12slink13
architectures: source, alpha, i386, sparc
update type: security
xmonisdn called scripts insecurely
package: man-db
version: 2.3.10-69FIX.1
architectures: source, i386, m68k, alpha, sparc
update type: security
open temporary files safely
package: procmail
version: 3.13.1-1
architectures: source, alpha, i386, m68k, sparc
update type: security
various nasty security fixes
package: rsync
version: 2.3.1-0.slink.1
architectures: source, i386, m68k
update type: security
fix security problem with updates in some conditions
package: smtp-refuser
version: 1.0.1
architectures: source, i386, alpha, m68k, sparc
update type: security
fix logging which allowed deleting arbitrary files
package: tkdesk
version: 1.1-2
architectures: source, i386, m68k
update type: security
fix symlink attack
package: jadetex
version: 2.2-1
architectures: source, all
update type: important bugfix
slink version was quite broken..
package: lam
version: 6.1-9
architectures: source, i386, m68k, sparc, alpha
update type: important bugfix
slink version was quite useless..
package: makedev
version: 2.3.1-23
architectures: source, all
update type: important bugfix
fix some stupid and really nasty bugs, especially for sparc
package: open
version: 1.4-10.1
architectures: source, i386, m68k, alpha, sparc
update type: important bugfix
undo previous changes which broke open in slink
package: sendmail
version: 8.9.3-3
architectures: source, alpha, i386, m68k, sparc
update type: important bugfix
allow .forward to work on group-writeable homedirs by default. otherwise
no user could use .forward files since homedirs are made groupwriteable
package: libdb
version: 1.85.4-4
architectures: alpha
update type: security
don't build broken snprintf, which ignores the bounds check, making programs
which just *happen* to use libdb vulnerable...
package: man2html
version: 1.5-18.1
architectures: source, i386, m68k, alpha, sparc
update type: security
Fixes /tmp race
package: trn
version: 3.6-9.3.1
architectures: source, i386, m68k, alpha, sparc
update type: security
Fixes /tmp race
package: boot-floppies
version: 2.1.9.1
architectures: m68k (others aren't changed)
update type: fixed install
update various bugs in the m68k install
package: selfhtml
version: 7.0-3
architectures: source, all
update type: security
Fixes patent problem
[ Not yet uploaded
package: telnet/d, telnet/d-ssl
version:
architectures:
update type: security
Fixes exploitable bug in connection with termcap/-info.
]
2. Packages removed from proposed-updates
-----------------------------------------
These packages are rejected and will also be removed from the
proposed-updates directory.
package: libc6
version: 2.0.7.19981211-6.1
architectures: m68k (only m68k updates)
update type: ?
update m68k support, fixes hwclock amongst other things
package: egcs
version: 1.1.2-0slink2
architectures: i386, m68k
update type: nonbeta release
final 1.1.2 release, small update from beta version in slink
package: lsof
version: 4.37-4
architectures: i386, m68k
update type: semi-security
a fix for a previous security update1
package: lprng
version: 3.5.2-2
architectures: m68k, sparc
update type: security
don't allow connections from unprivileged by default, no source available
package: ascdc
version: 0.3-5.1
minor bugfix, doesn't fit update criteria
package: auto-pgp
version: 1.04-2
minor bugfix, doesn't fit update criteria
package: bsdgames-nonfree
version: 2.5-2
minor bugfix, doesn't fit update criteria
package: dhcpcd
version: 1:0.70-5
minor bugfix (tokenring support fixed), doesn't fit update criteria
package: dmalloc
version: 3.3.1-3
minor bugfix (small manpage update), doesn't fit update criteria
package: dpkg
version: 1.4.0.35
disabling gettext is a nasty surprise for a lot of people.. I think
we are better off with the few bug reports we are getting
package: fidogate
version: 4.2.8-4
bugfixes meant for unstable
package: frotz
version: 2.32r2-12
recompile only to remove the versioned libc dependency, which
doesn't hurt us anyway
package: ftape
version: 4.03pre2.1999.04.25-1
major update over slink, don't think it meets the update criteria
package: fvwm2
version: 2.0.46-BETA-3.1
some alpha update, but I'm not convinced we need to include it. We
should probably check with some alpha people for this one
package: gdb
version: 4.17-4.m68k.objc.threads.hwwp.fpu.gnat.3.1
some sparc update, but I'm not convinced we need to include it. We
should probably check with some sparc people for this one
package: gettyps
version: 2.0.7j-7
fixes a normal bug, ie doesn't fit update criteria
package: infocom
version: 4.01pl2-7
should have only been uploaded to unstable, doesn't fix anything
important
package: inform
version: 6.14-4
should have only been uploaded to unstable, doesn't fix anything
package: kdrill
version: 4.0-1
new package, should have been uploaded only to unstable
package: kernel-image-2.0.36-amiga
version: 2.0.36-2
only fixes broken driver, is available in potato as well
package: kernel-source-2.2.5
version: 2.2.5-2
bugfixes
package: libpcap
version: 0.4a6-2.1
update for a non-released architecture only
package: linuxlogo
version: various
minor updates only
package: mingetty
version: 0.9.4-3.2
update for a non-released architecture only
package: nana
version: 2.3-1
new upstream version, no bugfixes
package: yorick
version: 1.4-12
changelog doesn't say enough to warrant inclusion imho
Regards,
Joey
Debian Security Team
--
GNU does not eliminate all the world's problems, only some of them.
-- The GNU Manifesto
Please always Cc to me when replying to me on the lists.