--- Debian 2.0 r5 is released Mon Feb 15 19:48:05 UTC 1999 dists/stable/non-free/binary-all/web/xmayday-doc_1.2.0-1.deb dists/stable/non-free/binary-i386/web/xmayday-doc_1.2.0-1.deb dists/stable/non-free/binary-m68k/web/xmayday-doc_1.2.0-1.deb dists/stable/non-free/source/web/xmayday-doc_1.2.0-1.dsc dists/stable/non-free/source/web/xmayday-doc_1.2.0-1.tar.gz * Removed - source is corrupt, and xmayday package itself is missing. dists/stable/binary-all/admin/pppconfig_1.1.deb dists/stable/source/admin/pppconfig_1.1.dsc dists/stable/source/admin/pppconfig_1.1.tar.gz * Upgrade to 1.1 as base disks contain this version. dists/stable/contrib/binary-all/net/ftpwatch_1.3.deb dists/stable/contrib/binary-i386/net/ftpwatch_1.3.deb dists/stable/contrib/binary-m68k/net/ftpwatch_1.3.deb dists/stable/contrib/source/net/ftpwatch_1.3.dsc dists/stable/contrib/source/net/ftpwatch_1.3.tar.gz * Removed for security reasons. Use the version in slink. dists/stable/main/binary-i386/games/filters_1.6.deb dists/stable/main/binary-m68k/games/filters_1.6.deb dists/stable/main/source/games/filters_1.6.dsc dists/stable/main/source/games/filters_1.6.tar.gz * Removed for copyright reasons. Use the version in potato. dists/stable/main/binary-i386/graphics/zgv_2.8-4.1.deb dists/stable/main/source/graphics/zgv_2.8-4.1.diff.gz dists/stable/main/source/graphics/zgv_2.8-4.1.dsc zgv (2.8-4.1) stable; urgency=HIGH * Ported zgv 3.0 buffer overflow patch back to 2.8 * Non-maintainer release. dists/stable/main/binary-i386/net/wu-ftpd-academ_2.4.2.16-12.2.deb dists/stable/main/binary-m68k/net/wu-ftpd-academ_2.4.2.16-12.2.deb dists/stable/main/source/net/wu-ftpd-academ_2.4.2.16-12.2.diff.gz dists/stable/main/source/net/wu-ftpd-academ_2.4.2.16-12.2.dsc wu-ftpd-academ (2.4.2.16-12.2) stable frozen; urgency=high * Apply security patch from Olaf Kirch dists/stable/main/binary-i386/net/proftpd_1.2.0pre1-2.deb dists/stable/main/binary-m68k/net/proftpd_1.2.0pre1-2.deb dists/stable/main/source/net/proftpd_1.2.0pre1-2.diff.gz dists/stable/main/source/net/proftpd_1.2.0pre1-2.dsc dists/stable/main/source/net/proftpd_1.2.0pre1.orig.tar.gz proftpd (1.2.0pre1-2) stable frozen unstable; urgency=high * Uploaded for stable by request of Wichert Akkerman. This fixes the Palmetto bug discovered by netect.com. Upgrade. Now. * Bug also fixed in slink and potato on Feb 4, closes: #32686, #33173. dists/stable/main/binary-i386/web/junkbuster_2.0-3.2.deb dists/stable/main/binary-m68k/web/junkbuster_2.0-3.2.deb dists/stable/main/source/web/junkbuster_2.0-3.2.diff.gz dists/stable/main/source/web/junkbuster_2.0-3.2.dsc junkbuster (2.0-3.2) stable frozen unstable; urgency=low * Correction to previous non-maintainer upload, of interest to people who run secure-su: * In the init.d script, explicitly transmit root's PATH to user nobody, because secure-su doesn't do this. (This made the previous version unable to find start-stop-daemon). dists/stable/main/binary-all/comm/hylafax-doc_4.0.2-7.deb dists/stable/main/binary-i386/comm/hylafax-client_4.0.2-7.deb dists/stable/main/binary-i386/comm/hylafax-server_4.0.2-7.deb dists/stable/main/binary-m68k/comm/hylafax-client_4.0.2-7.deb dists/stable/main/binary-m68k/comm/hylafax-server_4.0.2-7.deb dists/stable/main/source/comm/hylafax_4.0.2-7.diff.gz dists/stable/main/source/comm/hylafax_4.0.2-7.dsc hylafax (4.0.2-7) frozen unstable stable; urgency=high * Fixed faxcron, recvstats and xferstats /tmp bug (with tempfile) dists/stable/main/binary-i386/mail/deliver_2.1.13-2.1.deb dists/stable/main/binary-m68k/mail/deliver_2.1.13-2.1.deb dists/stable/main/source/mail/deliver_2.1.13-2.1.diff.gz dists/stable/main/source/mail/deliver_2.1.13-2.1.dsc deliver (2.1.13-2.1) stable frozen unstable; urgency=high * Non-maintainer release. * conf/local.h: define ML_DOTLOCK and LOCK_LOCKF; undefine LOCK_FLOCK to conform to policy (closes:Bug#29781). * debian/rules: pass UDEFS="-DHAS_NFS" to make * debian/changelog: removed explicit add-log-mailing-address dists/stable/main/binary-i386/net/netstd_3.07-2hamm.5.deb dists/stable/main/binary-m68k/net/netstd_3.07-2hamm.5.deb dists/stable/main/source/net/netstd_3.07-2hamm.5.diff.gz dists/stable/main/source/net/netstd_3.07-2hamm.5.dsc netstd (3.07-2hamm.5) stable; urgency=high * bootpd: Applied more overflow patches from RedHat. dists/stable/main/binary-i386/web/lynx_2.8-2.3.deb dists/stable/main/binary-m68k/web/lynx_2.8-2.3.deb dists/stable/main/source/web/lynx_2.8-2.3.diff.gz dists/stable/main/source/web/lynx_2.8-2.3.dsc lynx (2.8-2.3) stable; urgency=low * Patch from Thomas Roessler to fix problem where a second 'print' request would fail because of a temporary file left around by a first one. dists/stable/main/binary-i386/net/lpr_5.9-29hamm34.deb dists/stable/main/binary-m68k/net/lpr_5.9-29hamm34.deb dists/stable/main/source/net/lpr_5.9-29hamm34.diff.gz dists/stable/main/source/net/lpr_5.9-29hamm34.dsc lpr (5.9-29hamm34) stable; urgency=high * security fix: lpd no longer segfaults on requests from hosts with long names. (part of Bug#29872) * Upload for stable. dists/stable/main/binary-i386/text/ghostview_1.5-19.deb dists/stable/main/binary-m68k/text/ghostview_1.5-19.deb dists/stable/main/source/text/ghostview_1.5-19.diff.gz dists/stable/main/source/text/ghostview_1.5-19.dsc ghostview (1.5-19) stable; urgency=low * add install statements in debian/rules so that /usr/X11R6/* directories get the right permissions (closes: bug#32930). dists/stable/main/binary-i386/net/fsp_2.71-8hamm10.deb dists/stable/main/source/net/fsp_2.71-8hamm10.diff.gz dists/stable/main/source/net/fsp_2.71-8hamm10.dsc dists/stable/main/source/net/fsp_2.71.orig.tar.gz fsp (2.71-8hamm10) stable; urgency=high * hamm compile to resolve security issues with /home/ftp and ftp user dists/stable/main/binary-i386/admin/cfengine_1.4.9-3.deb dists/stable/main/binary-m68k/admin/cfengine_1.4.9-3.deb dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz dists/stable/main/source/admin/cfengine_1.4.9-3.dsc cfengine (1.4.9-3) stable; urgency=high * Fixes symlink bug in tidy.c, security related fix dists/stable/main/binary-i386/tex/bibtool_2.43-1.2.deb dists/stable/main/source/tex/bibtool_2.43-1.2.diff.gz dists/stable/main/source/tex/bibtool_2.43-1.2.dsc bibtool (2.43-1.2) stable; urgency=low * Eliminated dependence on tetex-nonfree. (Closes: Bug#29574) --- Debian 2.0 r4 is released. Mon Dec 7 14:12:56 UTC 1998 dists/stable/main/upgrade-i386/cd_autoup.sh * Installed new version that fixes syntax error --- Debian 2.0 r3 is released. Wed Oct 21 17:41:04 UTC 1998 dists/stable/main/binary-i386/base/bash_2.01.1-4.deb dists/stable/main/binary-i386/base/libreadlineg2_2.1-11.deb dists/stable/main/binary-i386/devel/libreadlineg2-dbg_2.1-11.deb dists/stable/main/binary-i386/devel/libreadlineg2-dev_2.1-11.deb dists/stable/main/binary-i386/oldlibs/libreadline2-altdev_2.1-11.deb dists/stable/main/binary-i386/oldlibs/libreadline2_2.1-11.deb dists/stable/main/binary-i386/utils/bash-builtins_2.01.1-4.deb dists/stable/main/binary-m68k/base/bash_2.01.1-4.deb dists/stable/main/binary-m68k/base/libreadlineg2_2.1-11.deb dists/stable/main/binary-m68k/devel/libreadlineg2-dbg_2.1-11.deb dists/stable/main/binary-m68k/devel/libreadlineg2-dev_2.1-11.deb dists/stable/main/binary-m68k/oldlibs/libreadline2-altdev_2.1-11.deb dists/stable/main/binary-m68k/oldlibs/libreadline2_2.1-11.deb dists/stable/main/binary-m68k/utils/bash-builtins_2.01.1-4.deb dists/stable/main/source/base/bash_2.01.1-4.diff.gz dists/stable/main/source/base/bash_2.01.1-4.dsc bash (2.01.1-4) stable unstable; urgency=high * libreadline 2.1-11 * Correct buffer overflow with long prompts. A root exploit is possible if \w is in root's PS1. dists/stable/main/binary-i386/net/bind_8.1.2-3.deb dists/stable/main/binary-i386/net/dnsutils_8.1.2-3.deb dists/stable/main/binary-m68k/net/bind_8.1.2-3.deb dists/stable/main/binary-m68k/net/dnsutils_8.1.2-3.deb dists/stable/main/source/net/bind_8.1.2-3.diff.gz dists/stable/main/source/net/bind_8.1.2-3.dsc bind (1:8.1.2-3) stable unstable; urgency=high * fix for buffer overflow problems in dig and nslookup, patch provided by Wichert Akkerman. Closes 26292, 24991. * new rblcheck version, closes 26109, 23354. * minor rblcheck fixes from Jason Gunthorpe. dists/stable/main/binary-all/admin/debian-cd_2.0.3.deb dists/stable/main/source/admin/debian-cd_2.0.3.dsc dists/stable/main/source/admin/debian-cd_2.0.3.tar.gz debian-cd (2.0.3) stable; urgency=low * add Contents-.gz (fixes: #26204) dists/stable/main/binary-i386/mail/fidogate_4.2.8-3.deb dists/stable/main/binary-m68k/mail/fidogate_4.2.8-3.deb dists/stable/main/source/mail/fidogate_4.2.8-3.diff.gz dists/stable/main/source/mail/fidogate_4.2.8-3.dsc fidogate (4.2.8-3) unstable stable; urgency=low * important postinst bugfix: adduser calls changed to support the hamm version dists/stable/main/binary-i386/comm/minicom_1.81.1-1.deb dists/stable/main/binary-m68k/comm/minicom_1.81.1-1.deb dists/stable/main/source/comm/minicom_1.81.1-1.diff.gz dists/stable/main/source/comm/minicom_1.81.1-1.dsc dists/stable/main/source/comm/minicom_1.81.1.orig.tar.gz minicom (1.81.1-1) stable; urgency=high * Re-Upload into stable made by the security team * New upstream version * Fixes: #15426: minicom: changelog uncompressed #18836: ascii transfer with minicom #18469: minicom: add a menu file #22314: [Tiago F P Rodrigues <11108496@LIS.ULUSIADA.PT>] Overflows in minic #22321: Overflows in minicom (fwd) dists/stable/main/binary-all/admin/ncurses-term_1.9.9g-8.10.deb dists/stable/main/binary-all/base/ncurses-base_1.9.9g-8.10.deb dists/stable/main/binary-i386/base/ncurses-bin_1.9.9g-8.10.deb dists/stable/main/binary-i386/base/ncurses3.4_1.9.9g-8.10.deb dists/stable/main/binary-i386/devel/ncurses3.4-dbg_1.9.9g-8.10.deb dists/stable/main/binary-i386/devel/ncurses3.4-dev_1.9.9g-8.10.deb dists/stable/main/binary-i386/devel/ncurses3.4-pic_1.9.9g-8.10.deb dists/stable/main/binary-m68k/base/ncurses-bin_1.9.9g-8.10.deb dists/stable/main/binary-m68k/base/ncurses3.4_1.9.9g-8.10.deb dists/stable/main/binary-m68k/devel/ncurses3.4-dbg_1.9.9g-8.10.deb dists/stable/main/binary-m68k/devel/ncurses3.4-dev_1.9.9g-8.10.deb dists/stable/main/binary-m68k/devel/ncurses3.4-pic_1.9.9g-8.10.deb dists/stable/main/source/libs/ncurses_1.9.9g-8.10.diff.gz dists/stable/main/source/libs/ncurses_1.9.9g-8.10.dsc ncurses (1.9.9g-8.10) stable unstable; urgency=high * Rebuilt so that dialog and sc do not coredump. dists/stable/main/binary-i386/net/netstd_3.07-2hamm.2.deb dists/stable/main/source/net/netstd_3.07-2hamm.2.diff.gz dists/stable/main/source/net/netstd_3.07-2hamm.2.dsc netstd (3.07-2hamm.2) stable; urgency=high * nfs-server: Upgraded to beta37, which fixes security holes. dists/stable/main/binary-m68k/net/netstd_3.07-2hamm.1.deb netstd (3.07-2hamm.1) stable; urgency=high * Fixes buffer overrun in rpc.mounted. dists/stable/main/binary-m68k/misc/screen_3.7.4-8.deb screen (3.7.4-8) stable unstable; urgency=HIGH * Fix critical bug #25970: /tmp race problem dists/stable/main/binary-i386/graphics/svgalib-bin_1.3.0-0.3.deb dists/stable/main/binary-i386/graphics/svgalibg1-dev_1.3.0-0.3.deb dists/stable/main/binary-i386/libs/svgalibg1_1.3.0-0.3.deb dists/stable/main/binary-i386/oldlibs/svgalib1-altdev_1.3.0-0.3.deb dists/stable/main/binary-i386/oldlibs/svgalib1_1.3.0-0.3.deb dists/stable/main/source/libs/svgalib_1.3.0-0.3.diff.gz dists/stable/main/source/libs/svgalib_1.3.0-0.3.dsc dists/stable/main/source/libs/svgalib_1.3.0.orig.tar.gz svgalib (1:1.3.0-0.3) stable unstable; urgency=high * NMU: fix substvars (fixes 26177) * don't exit on PCI bus 0 (maybe fixes 26241) dists/stable/main/binary-all/shells/tcsh-i18n_6.07.06-5.deb dists/stable/main/binary-i386/shells/tcsh_6.07.06-5.deb dists/stable/main/binary-m68k/shells/tcsh_6.07.06-5.deb dists/stable/main/source/shells/tcsh_6.07.06-5.diff.gz dists/stable/main/source/shells/tcsh_6.07.06-5.dsc tcsh (6.07.06-5) stable unstable; urgency=high * Plugged buffer overflow reported by Wichert Akkerman dists/stable/main/binary-all/x11/xbooks_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfnt100_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfnt75_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfntbase_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfntbig_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfntcyr_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfntpex_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xfntscl_3.3.2.3-2.deb dists/stable/main/binary-all/x11/xmanpages_3.3.2.3-2.deb dists/stable/main/binary-i386/oldlibs/xlib6-altdev_3.3.2.3-2.deb dists/stable/main/binary-i386/oldlibs/xlib6_3.3.2.3-2.deb dists/stable/main/binary-i386/oldlibs/xslib_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xbase_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xext_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xlib6g-dev_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xlib6g_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xnest_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xprt_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-8514_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-agx_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-i128_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-mach32_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-mach64_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-mach8_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-mono_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-p9000_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-s3_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-s3v_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-svga_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-vga16_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xserver-w32_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xslibg_3.3.2.3-2.deb dists/stable/main/binary-i386/x11/xvfb_3.3.2.3-2.deb dists/stable/main/source/x11/xfree86_3.3.2.3-2.diff.gz dists/stable/main/source/x11/xfree86_3.3.2.3-2.dsc xfree86 (3.3.2.3-2) stable; urgency=high * recompiled without X_LOCALE defined for libc6; any libc6-based X apps that are locale-aware should be recompiled with this xlib6g-dev --- Debian 2.0 r2 is released. Sat Aug 29 19:20:41 UTC 1998 dists/stable/main/disks-m68k/current/atari/install.lzh * Removed "raidtools" from "Admin" profile. raidtools depends on 2.1.x kernels. fixes: 24634 dists/stable/main/disks-m68k/current/mac/Debian-68k-Mac.image.bin dists/stable/main/disks-m68k/current/mac/Install.sit.bin dists/stable/main/disks-m68k/current/mac/drvmac.bin dists/stable/main/disks-m68k/current/mac/rescmac.bin * Removed "raidtools" from "Admin" profile. raidtools depends on 2.1.x kernels. fixes: 24634 Moved gap 3.4.4-1 to non-free * Moved main/binary-i386/math/gap_3.4.4-1.deb, main/source/math/gap_3.4.4-1.dsc, main/binary-m68k/math/gap_3.4.4-1.deb, main/source/math/gap_3.4.4-1.tar.gz to non-free * License doesn't meet DFSG. Removed xadmin 1.0.15-2 from main/admin * Removed main/binary-all/admin/xadmin_1.0.15-2.deb, main/binary-i386/admin/xadmin_1.0.15-2.deb, main/binary-m68k/admin/xadmin_1.0.15-2.deb, main/source/admin/xadmin_1.0.15-2.dsc, main/source/admin/xadmin_1.0.15.orig.tar.gz, main/source/admin/xadmin_1.0.15-2.diff.gz * Withdrawn by developer. dists/stable/main/upgrade-i386/README-upgrade dists/stable/main/upgrade-i386/cd_autoup.sh * New versions of cd_autoup.sh (v0.8) and README-upgrade (v0.6) dists/stable/main/binary-i386/devel/eperl_2.2.14-0.2.deb dists/stable/main/binary-m68k/devel/eperl_2.2.14-0.2.deb dists/stable/main/source/devel/eperl_2.2.14-0.2.diff.gz dists/stable/main/source/devel/eperl_2.2.14-0.2.dsc dists/stable/main/source/devel/eperl_2.2.14.orig.tar.gz eperl (2.2.14-0.2) stable unstable; urgency=low * Non-maintainer upload. * Re-uploaded to both stable (hamm) and unstable (slink) to fix the security bug in ePerl 2.2.12 (closes: Bug#24498). dists/stable/main/binary-all/comm/hylafax-doc_4.0.2-5.deb dists/stable/main/binary-i386/comm/hylafax-client_4.0.2-5.deb dists/stable/main/binary-i386/comm/hylafax-server_4.0.2-5.deb dists/stable/main/binary-m68k/comm/hylafax-client_4.0.2-5.deb dists/stable/main/binary-m68k/comm/hylafax-server_4.0.2-5.deb dists/stable/main/source/comm/hylafax_4.0.2-5.diff.gz dists/stable/main/source/comm/hylafax_4.0.2-5.dsc hylafax (4.0.2-5) unstable stable; urgency=high * Removed faxsurvey (security fix) dists/stable/main/binary-all/x11/xbooks_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfnt100_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfnt75_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfntbase_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfntbig_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfntcyr_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfntpex_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xfntscl_3.3.2.3-1.deb dists/stable/main/binary-all/x11/xmanpages_3.3.2.3-1.deb dists/stable/main/binary-i386/oldlibs/xlib6-altdev_3.3.2.3-1.deb dists/stable/main/binary-i386/oldlibs/xlib6_3.3.2.3-1.deb dists/stable/main/binary-i386/oldlibs/xslib_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xbase_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xext_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xlib6g-dev_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xlib6g_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xnest_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xprt_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-8514_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-agx_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-i128_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-mach32_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-mach64_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-mach8_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-mono_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-p9000_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-s3_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-s3v_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-svga_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-vga16_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xserver-w32_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xslibg_3.3.2.3-1.deb dists/stable/main/binary-i386/x11/xvfb_3.3.2.3-1.deb dists/stable/main/binary-m68k/oldlibs/xlib6-altdev_3.3.2.3-1.deb dists/stable/main/binary-m68k/oldlibs/xlib6_3.3.2.3-1.deb dists/stable/main/binary-m68k/oldlibs/xslib_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xbase_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xext_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xlib6g-dev_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xlib6g_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xnest_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xprt_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xserver-fbdev_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xslibg_3.3.2.3-1.deb dists/stable/main/binary-m68k/x11/xvfb_3.3.2.3-1.deb dists/stable/main/source/x11/xfree86_3.3.2.3-1.diff.gz dists/stable/main/source/x11/xfree86_3.3.2.3-1.dsc dists/stable/main/source/x11/xfree86_3.3.2.3.orig.tar.gz xfree86 (3.3.2.3-1) stable unstable; urgency=high (security release) * third public patch to XFree86 3.3.2, includes security fixes * config/cf/linux.cf: build with -DX_LOCALE flag, which fixes a number of obscure locale problems (thanks to Owen Taylor for tracking this down) (Fixes: #15617) * programs/Xserver/hw/xfree86/common_hw/xf86_PCI.c: re-apply patch from patch 2 so patch 3 applies cleanly * programs/Xserver/hw/xfree86/etc/scanpci.c: re-apply patch from patch 2 so patch 3 applies cleanly * programs/xkbcomp/symbols/dvorak: applied changes suggested by Ulf Carlsson and Andrew Pimlott (Fixes: #23426) * programs/xterm/main.c: reversed Debian Alpha TIOSLTC patch because it caused public patch 3 to fail -- perhaps it is not necessary now? * debian/copyright: updated version number and related information * debian/create-server: correct sed operation on xserver-preinst * debian/rules: removed reference to XFree86 version number * debian/xbase-configure: set LD_LIBRARY_PATH to /usr/X11R6/lib before running XF86Setup, since we cannot know if xlib6g's postinst has been run yet (Fixes: #25321) * debian/xbase-postinst: restore old /etc/X11/Xserver if one existed * debian/xbase-postinst: counter-paranoia message for /usr/X11R6/lib/X11/XF86Config (Fixes: #25109) * debian/xbase-preinst: add paranoia case for /usr/X11R6/lib/X11/XF86Config * debian/xbase-preinst: preserve existing /etc/X11/Xserver, which may have been installed by an xserver package (Fixes: #25322) * debian/xbase-readme: minor corrections and clarficiations * debian/xbase-xsession: corrected typo in comment block * debian/xserver-preinst: clean up after 3.3.2.2-4 * debian/xserver-postint: match newxserver file correctly and remove it when found (thanks to Ian Lynagh for catching the problem with the xserver install/upgrade prompting logic) * debian/xbase-writeconfig: use VT100.Translations resource as well as VT100.backarrowKey to make backspace key work (thanks, Ian Jackson) (Fixes: #24920) * debian/stuff/Xmark.man: minor typo correction (thanks, Anders Hammarquist) (Fixes: #25002) * bugs fixed prior to this release, by other packages, or non-bugs: 21167,23926 dists/stable/main/binary-i386/games/bsdgames_2.1-3hamm1.deb dists/stable/main/binary-m68k/games/bsdgames_2.1-3hamm1.deb dists/stable/main/source/games/bsdgames_2.1-3hamm1.diff.gz dists/stable/main/source/games/bsdgames_2.1-3hamm1.dsc bsdgames (2.1-3hamm1) stable; urgency=HIGH * Backported sail security fix from bsdgames 2.3. This fixes a file in /tmp hole. dists/stable/main/binary-i386/mail/mutt_0.91.2-2.deb dists/stable/main/binary-m68k/mail/mutt_0.91.2-2.deb dists/stable/main/source/mail/mutt_0.91.2-2.diff.gz dists/stable/main/source/mail/mutt_0.91.2-2.dsc mutt (0.91.2-2) stable; urgency=high (security bugfix) * Security fix: a buffer overflow could be exploited through Content-Type. Applied upstream bugfix patch-0.94.1i.tlr.content_type.1 . * Removed duplicate definitions of urlview support macros in Muttrc (fixes #24795). dists/stable/main/binary-i386/net/cfingerd_1.3.2-11.0.deb dists/stable/main/binary-m68k/net/cfingerd_1.3.2-11.0.deb dists/stable/main/source/net/cfingerd_1.3.2-11.0.diff.gz dists/stable/main/source/net/cfingerd_1.3.2-11.0.dsc cfingerd (1.3.2-11.0) stable unstable; urgency=high * Non-maintainer upload: Fixed a security hole in privs.h THIS SECURITY HOLE COULD LEAD TO ROOT COMPROMISE. dists/stable/main/binary-all/web/apache-dev_1.3.0-5.deb dists/stable/main/binary-all/web/apache-doc_1.3.0-5.deb dists/stable/main/binary-i386/web/apache_1.3.0-5.deb dists/stable/main/binary-m68k/web/apache_1.3.0-5.deb dists/stable/main/source/web/apache_1.3.0-5.diff.gz dists/stable/main/source/web/apache_1.3.0-5.dsc apache (1.3.0-5) stable; urgency=high * Patched against denial of service vulnerability discovered by Dag-Erling Sm<81>rgrav, where repeated, identical headers consumes O(n^2) memory.