Re: Preparation of Debian GNU/Linux 3.0r3
On Fri, Mar 26, 2004 at 09:13:35PM +0100, Martin Schulze wrote:
> atari800 stable 1.2.2-1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> atari800 updates 1.2.2-1woody2 alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source
>
> DSA 359 - buffer overflows
>
> contrib
>
> MISSING mipsel
There was a mipsel binary in stable-security; I have uploaded it to
proposed-updates.
> catdoc stable 0.91.5-1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> catdoc updates 0.91.5-1.99woody.1 alpha hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
>
> * Fixed insecure /tmp use (closes: #183525)
>
> * Fix backported from 0.91.5-2 because it fixes a security problem.
>
> MISSING arm
It probably failed to build due to some problem I couldn't fix. I don't
have the logs anymore.
> initrd-tools stable 0.1.32woody.3 all source
> initrd-tools updates 0.1.32woody.5 all source
>
> * Fixed merge errors in IDE change.
>
> * Load IDE PCI drivers if present.
>
> * Handle ide module names from ac tree.
I believe this is needed to support some common configurations using more
recent generic 2.4.x kernels with initrd on woody.
> kaffe stable 1:1.0.5e-0.4 arm
> kaffe stable 1:1.0.5e-0.5 alpha i386 m68k sparc source
> kaffe updates 1:1.0.5e-1 i386 source
>
> * Fixed a problem detecting time.h during build, source wouldn't compile.
>
> * Changed temporary file name allocation to use mktemp in the kaffe wrapper
> for security reasons, closes: #191866
>
> TODO: Review the changes
The tempfile changes, as I recall, were extremely obscure; kaffe doesn't
really build at all on stable, and hasn't for quite some time.
> kernel-headers-2.2.20-reiserfs stable 2.2.20-4 i386
> kernel-headers-2.2.20-reiserfs updates 2.2.20-4woody1 i386
> kernel-image-2.2.20-reiserfs-i386 stable 2.2.20-4 source
> kernel-image-2.2.20-reiserfs-i386 updates 2.2.20-4woody1 source
> kernel-image-2.2.20-reiserfs stable 2.2.20-4 i386
> kernel-image-2.2.20-reiserfs updates 2.2.20-4woody1 i386
>
> DSA 453 linux-kernel-2.2.20 - failing function and TLB flush
>
> pcmcia-modules-2.2.20-reiserfs: Depends: kernel-image-2.2.20-reiserfs (= 2.2.20-4)
>
> *Bummer*
Brian Mays or Eduard Bloch would know how to fix this.
> kernel-headers-2.4.18-bf2.4 stable 2.4.18-5 i386
> kernel-headers-2.4.18-bf2.4 updates 2.4.18-5woody5 i386
> kernel-image-2.4.18-bf2.4 stable 2.4.18-5 i386
> kernel-image-2.4.18-bf2.4 updates 2.4.18-5woody5 i386
>
> Security update
>
> * Build against kernel-source-2.4.18 2.4.18-14:
>
> - Added TASK_SIZE check to do_brk in mm/mmap.c (DSA-403-1)
>
> DSA 403 - kernel-image-2.4.18-1 - local root exploit
>
> But: pcmcia-modules-2.4.18-bf2.4
>
> Depends: kernel-image-2.4.18-bf2.4 (= 2.4.18-5)
>
> *Bummer*
See above.
> libgtop-daemon stable 1.0.13-3 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> libgtop-daemon updates 1.0.13-3.1 alpha arm hppa i386 ia64 m68k powerpc s390 sparc
> libgtop-dev stable 1.0.13-3 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> libgtop-dev updates 1.0.13-3.1 alpha arm hppa i386 ia64 m68k powerpc s390 sparc
> libgtop1 stable 1.0.13-3 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> libgtop1 updates 1.0.13-3.1 alpha arm hppa i386 ia64 m68k powerpc s390 sparc
> libgtop stable 1.0.13-3 source
> libgtop updates 1.0.13-3.1 source
>
> DSA 301 - buffer overflow
>
> MISSING mips
> MISSING mipsel
Uploaded from stable-security.
> mpg321 stable 0.2.10.1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> mpg321 updates 0.2.10.2 alpha hppa i386 ia64 m68k mipsel powerpc s390 sparc source
>
> DSA 411 mpg321 - format string vulnerability
>
> MISSING arm
> MISSING mips
Uploaded from stable-security.
> nd stable 0.5.0-1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> nd updates 0.5.0-1woody1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
>
> DSA 412 nd - buffer overflows
Why does this require further investigation?
> libssl-dev stable 0.9.6c-2.woody.4 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> libssl-dev updates 0.9.6c-2.woody.5 mipsel
> libssl-dev updates 0.9.6c-2.woody.6 alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc
> libssl0.9.6 stable 0.9.6c-2.woody.4 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> libssl0.9.6 updates 0.9.6c-2.woody.5 mipsel
> libssl0.9.6 updates 0.9.6c-2.woody.6 alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc
> openssl stable 0.9.6c-2.woody.4 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> openssl updates 0.9.6c-2.woody.5 mipsel
> openssl updates 0.9.6c-2.woody.6 alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source
> ssleay stable 0.9.6c-2.woody.4 all
> ssleay updates 0.9.6c-2.woody.6 all
>
> DSA 465 openssl - several vulnerabilities
>
> MISSING mipsel
There never was a build of 0.9.6c-2woody.6 on mipsel; apparently a buildd
problem. Someone with access needs to build it.
> phpmyadmin stable 2.2.3-1 all source
> phpmyadmin updates 2.5.2-1woody2.1 all source
>
> * Stable security backport, closes: #203233.
>
> * The upstream also fixes XSS vulnerabilities, information
> encoding weakness and transversal directory attack. This was
> mentioned in Debian.NEWS file only, not changelog.Debian file.
> See http://www.securityfocus.com/archive/1/325641. Closes: #203092.
>
> * CVS fix: another patch for path disclosure problem.
>
> * CVS fix: a user could not edit his own global privileges.
This isn't a backport; the maintainer just uploaded the unstable version to
stable. It includes a slew of unrelated changes, and is not acceptable for
stable. And since it's already accepted to proposed-updates, we can't
upload a proper backport either.
> rinetd stable 0.61-1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> rinetd updates 0.61-1.1 alpha arm hppa ia64 m68k mips mipsel powerpc s390 sparc source
>
> DSA 289 - incorrect memory resizing
>
> MISSING i386
Uploaded from stable-security.
> rsync stable 2.5.5-0.1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> rsync updates 2.5.5-0.3 alpha arm hppa i386 ia64 m68k mips powerpc sparc source
>
> DSA 404 rsync - heap overflow
>
> MISSING mipsel
> MISSING s390
> MISSING sparc
stable-security only has 2.5.5-0.3??
> tcpdump stable 3.6.2-2.4 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> tcpdump updates 3.6.2-2.7 alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source
>
> DSA 425 tcpdump - multiple vulnerabilities
>
> MISSING mipsel
Never built on mipsel; someone with access needs to build it.
> wget stable 1.8.1-6 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> wget updates 1.8.1-6.1 alpha arm hppa i386 ia64 m68k mips powerpc s390 sparc source
>
> DSA 209 - directory traversal
>
> MISSING mipsel
Ditto.
> xaos stable 3.0-23 alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc source
> xaos stable 3.0-23.0.1 s390
> xaos updates 3.0-23woody1 alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc source
>
> DSA 310 - improper setuid-root execution
>
> MISSING s390
Uploaded from stable-security.
--
- mdz