News

2004/02/19

New kernel images and source packages for 2.4.24 are available. They fix another local root vulnerability in the mremap() system call. Also uploaded was a backport of Samba 3.0.2-2, which prevents an exploitable security hole on systems running Linux 2.6 kernels.

2004/02/20 Update: uploaded fixed kernel images and source packages for 2.6.2

Backports of Samba 3.0.2-1 and ClamAV 0.65-3 available. New Samba fixes a password initialization bug, ClamAV fixes a remote DoS vulnerability.

Backport of Mailman 2.1.4-1 available, which fixes several vulnerabilities. See DSA436-1 for details.

Semi-official backport of XFree86 4.3.0 for woody is available. Please go to http://people.debian.org/~nobse/xfree86/ for up-to-date packages. They are currently available for sparc and i386, others may follow. The changes needed on the packages from experimental will go into the (still empty) woody part of XSF's subversion repository very soon.

I am currently working on setting up buildd's for alpha and sparc and moving the complete repository to the Debian pool structure. This should not affect the current repository, but will definitely take some time, so do not expect too much updates within the next days.

2004/01/18 Update: First backports for alpha and sparc are available, see changelog.
2004/01/22 Update: First backports for powerpc are available, see changelog.

2004/01/09

New kernel images and source packages for 2.4.24 are available, which fixes the mremap() local root vulnerability. See DSA 413-1 for details.

2004/01/12 Update: Updated packages for 2.6.0 also available.

2004/01/05

XFree86 4.3.0 backport in pre/ section is updated to Brandens current 4.3.0-0pre1v5 release. The freetype problematic is still not fixed (and maybe will never be fixed), so think twice before installing it.

New target for kernel 2.6 and needed dependencies available. Use kernel-2.6 as last part in your backports.org sources.list line (see this mail for an example) to get new modutils, module-init-tools and sysfsutils. As soon as Herbert uploads his final 2.6.0 kernel-images they will be added too, currently there are only kernel-images for 2.6.0-test11.

2003/12/23 Update: udev was also added, but beware that it is still experimental
2003/12/25 Update: added a newer hdparm package, see #224961 for details
2003/12/29 Update: added final 2.6.0 kernel-images and new modconf
2004/01/02 Update: new net-tools with patched mii-tool for kernel 2.6 added
2004/01/12 Update: updated procps added, vmstat sometimes segfaults under kernel 2.6

2003/12/17

A while ago, I talked with Rene Engelhard (one of the OpenOffice.org Debian maintainers) about backporting OpenOffice.org 1.1.0. He told me they will create semi-official backports for woody. After that discussion I stopped working on my own backport. Now, a test backport is available, see Chris Hall's mail to the debian-openoffice mailinglist.

Website got a new design, based on Peter Palfraders layout which was abutted on the original Debian website layout. It's currently not finished, but I will work on it in the next weeks.

2003/12/15

Release files available, thanks to Piotr Roszatycki. Detailed instructions about their usage will be soon in the installation section, until then check Piotr's mail to our mailinglist.

2003/12/14

Update to lftp 2.6.10, which fixes two buffer overflow security problems. See SSA 2003-346-01 for details.

2003/12/13

The several reported problems reaching backports.org are fixed. It was a routing problem at the Nuernberger Internet Exchange.

2003/12/12

Update for irssi-text available, which fixes a remote crash with non-x86 architectures or with people running certain scripts (nicklist.pl, tab_stop.pl most importantly). See irssi website for details.

2003/12/09

Update for quagga available, which fixes a problem originally reported against Zebra. Zebra can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. See RHSA 2003-307 for details. Because of this, Zebra was kicked out of our archive, use quagga instead.

2003/12/06

Update to screen 4.0.2, which fixes a buffer overflow that allows privilege escalation for local users. See CAN-2003-0972 for details.

2003/12/04

Update to rsync 2.5.7 available, which fixes a heap overflow vulnerability. See DSA 404-1 for details.

2003/12/03

Kernel images for 2.4.23 are available, which fixes the do_brk() local root vulnerability. See DSA 403-1 for details. Thanks to Herbert Xu for giving me access to his packages while uploading to the Debian archive wasn't possible.

2003/11/26

Added some notes about backports for sarge, please discuss this on the mailinglist.

2003/11/24

Mailinglists are back, thanks to my colleague Rico. See http://lists.backports.org/ for instructions.

Main site moved to a new location and is now directly connected to the Nuernberger Internet eXchange.