Preparation of Debian GNU/Linux 4.0r4
=====================================
An up-to-date version is at <http://release.debian.org/stable/4.0/4.0r4/>.

We are preparing the next revision of the current stable Debian
distribution (etch) and will frequently send reports so people can
actually comment on it and intervene whenever this is required.

If you disagree with one bit or another, please reply to this mail and
explain why these things should be handled differently.

An ftpmaster still has to give the final approval for each package
since ftpmasters are responsible for the archive.  However, we are
trying to make their work as easy as possible in the hope of getting the next
revision out properly and without any hassle.

If you would like to get a package updated in the stable release, you
are advised to talk to the stable release managers first (see
<http://www.debian.org/intro/organization>).

Accepted Packages
-----------------

These packages will be installed into the stable Debian distribution
and will be part of the next revision.

New package linux-kbuild-2.6.24:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 2.6.24-1~etchnhalf.1
 Rationales:
  - 2.6.24-1~etchnhalf.1: linux-kbuild-2.6.24 - New kernel for etchnhalf

New package atl2-etchnhalf:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 2.0.3-3~etchnhalf.1
 Rationales:
  - 2.0.3-3~etchnhalf.1: atl2-etchnhalf - source compatible w/ etchnhalf kernel

New package linux-latest-2.6-etchnhalf:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 13~etchnhalf.1
 Rationales:
  - 2.6.24+13~etchnhalf.1: linux-latest-2.6-etchnhalf - New kernel for etchnhalf

New package squashfs-etchnhalf:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 1:3.3-7~etchnhalf.2
 Rationales:
  - 3.3-7~etchnhalf.2: squashfs-etchnhalf - source compatible w/ etchnhalf kernel

New package openssh-blacklist:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 0.1.1
 Rationales:
  - 0.1.1: DSA 1576 openssh-blacklist - blacklist of compromised keys

New package linux-2.6.24:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 2.6.24-6~etchnhalf.4
 Rationales:
  - 2.6.24-6~etchnhalf.1: linux-2.6.24 - updated kernel for etchnhalf
  - 2.6.24-6~etchnhalf.2: linux-2.6.24 - updated kernel for etchnhalf
  - 2.6.24-6~etchnhalf.3: linux-2.6.24 - security updates for etchnhalf kernel
  - 2.6.24-6~etchnhalf.4: linux-2.6.24 - security updates for etchnhalf kernel + smbfs enable (#490293)

New package b43-fwcutter:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 1:011-1~etchnhalf.2
 Rationales:
  - 011-1~etchnhalf.2: b43-fwcutter - Fix wrongly encoded es.po

New package loop-aes-etchnhalf:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 3.2c-2~etchnhalf.2
 Rationales:
  - 3.2c-2~etchnhalf.1: loop-aes-etchnhalf - source compatible w/ etchnhalf kernel

New package xserver-xorg-video-intel:
 architectures in updates: s390 all amd64 i386 powerpc arm sparc alpha ia64 mips mipsel hppa
 version in updates: 2:2.2.1-1~etchnhalf2
 Rationales:
  - 2.2.1-1~etchnhalf2: xserver-xorg-video-intel - support more hardware (etchnhalf)


Sourceful update of speex:
 version in stable:  1.1.12-3
 version in updates: 1.1.12-3etch1
 Rationales:
  - 1.1.12-3etch1: DSA 1585 speex - Fix arbitrary code execution (#415327)

Sourceful update of peercast:
 version in stable:  0.1217.toots.20060314-1etch0
 version in updates: 0.1217.toots.20060314-1etch1
 Rationales:
  - 0.1217.toots.20060314-1etch1: DSA 1582 peercast - arbitrary code execution

Sourceful update of libtk-img:
 version in stable:  1:1.3-15
 version in updates: 1:1.3-15etch2
 Rationales:
  - 1.3-15etch2: DSA 1598 libtk-img - buffer overflow

Sourceful update of sysvinit:
 version in stable:  2.86.ds1-38
 version in updates: 2.86.ds1-38+etchnhalf.1
 Rationales:
  - 2.86.ds1-38+etchnhalf.1: sysvinit - update shutdown to work w/ libata in linux >= 2.6.23

Sourceful update of moin:
 version in stable:  1.5.3-1.2
 version in updates: 1.5.3-1.2etch1
 Rationales:
  - 1.5.3-1.2etch1: DSA 1514 moin - Several vulnerabilities

Sourceful update of blender:
 version in stable:  2.42a-7
 version in updates: 2.42a-7.1+etch1
 Rationales:
  - 2.42a-7.1+etch1: DSA 1567 blender - Fix arbitrary code execution

Sourceful update of sympa:
 version in stable:  5.2.3-1.2
 version in updates: 5.2.3-1.2+etch1
 Rationales:
  - 5.2.3-1.2+etch1: DSA 1600 sympa - denial of service

Sourceful update of samba:
 version in stable:  3.0.24-6etch9
 version in updates: 3.0.24-6etch10
 Rationales:
  - 3.0.24-6etch10: DSA 1590 samba - arbitrary code execution

Sourceful update of hal:
 version in stable:  0.5.8.1-9
 version in updates: 0.5.8.1-9etch1
 Rationales:
  - 0.5.8.1-9etch1: hal - Allows mounting ntfs volumes from within KDE (#418176)

Sourceful update of fai-kernels:
 version in stable:  1.17+etch.18etch1
 version in updates: 1.17+etch.21
 Rationales:
  - 1.17+etch.18etch2: DSA 1565 fai-kernels - Fix several vulnerabilities (linux-2.6)
  - 1.17+etch.18etch3: DSA 1565 fai-kernels - Fix several vulnerabilities (linux-2.6)
  - 1.17+etch.18etch4: DSA 1575 fai-kernels - Fix denial of service (linux-2.6)
  - 1.17+etch.18etch5: DSA 1588 fai-kernels - several vulnerabilities (linux-2.6)
  - 1.17+etch.21: fai-kernels - Rebuild against linux-2.6_2.6.18.dfsg.1-21

Sourceful update of debian-installer:
 version in stable:  20070308etch2
 version in updates: 20070308etch3
 Rationales:
  - 20070308etch3: debian-installer - rebuild images containing network-console

Sourceful update of kronolith2:
 version in stable:  2.1.4-1
 version in updates: 2.1.4-1etch1
 Rationales:
  - 2.1.4-1etch1: DSA 1560 kronolith2 - Fix cross site scripting

Sourceful update of apache2:
 version in stable:  2.2.3-4+etch4
 version in updates: 2.2.3-4+etch5
 Rationales:
  - 2.2.3-4+etch5: apache2 - Fix possible segfault introduced by patch for CVE-2007-6421.

Sourceful update of user-mode-linux:
 version in stable:  2.6.18-1um-2etch.18etch1
 version in updates: 2.6.18-1um-2etch.21
 Rationales:
  - 2.6.18-1um-2etch.18etch2: DSA 1565 user-mode-linux - Fix several vulnerabilities (linux-2.6)
  - 2.6.18-1um-2etch.18etch3: DSA 1565 user-mode-linux - Fix several vulnerabilities (linux-2.6)
  - 2.6.18-1um-2etch.18etch4: DSA 1575 user-mode-linux - denial of service (linux-2.6)
  - 2.6.18-1um-2etch.18etch5: DSA 1588 fai-kernels - several vulnerabilities (linux-2.6)
  - 2.6.18-1um-2etch.21: user-mode-linux - Rebuild against linux-2.6_2.6.18.dfsg.1-21

Sourceful update of dns-flood-detector:
 version in stable:  1.12-1
 version in updates: 1.12-1etch1
 Rationales:
  - 1.12-1etch1: dns-flood-detector - Actually write a pid file for start-stop-daemon (#431676)

Sourceful update of dovecot:
 version in stable:  1.0.rc15-2etch3
 version in updates: 1.0.rc15-2etch4
 Rationales:
  - 1.0.rc15-2etch4: DSA 1516 dovecot - Fix privilege escalation

Sourceful update of qsynth:
 version in stable:  0.2.5-2
 version in updates: 0.2.5-2+etch1
 Rationales:
  - 0.2.5-2+etch1: qsynth - Fix wrongly named desktop file

Sourceful update of unzip:
 version in stable:  5.52-9
 version in updates: 5.52-9etch1
 Rationales:
  - 5.52-9etch1: DSA 1522 unzip - Programming error

Sourceful update of sword:
 version in stable:  1.5.9-2
 version in updates: 1.5.9-2etch1
 Rationales:
  - 1.5.9-2etch1: DSA 1508 sword - Insufficient input sanitising

Sourceful update of horde3:
 version in stable:  3.1.3-4etch2
 version in updates: 3.1.3-4etch3
 Rationales:
  - 3.1.3-4etch3: DSA 1519 horde3 - Insufficient input sanitising

Sourceful update of vlc:
 version in stable:  0.8.6-svn20061012.debian-5etch1
 version in updates: 0.8.6-svn20061012.debian-5.1+etch2
 Rationales:
  - 0.8.6-svn20061012.debian-5.1+etch2: DSA 1543 vlc - Fix several vulnerabilities

Sourceful update of cpio:
 version in stable:  2.6-18
 version in updates: 2.6-18.1+etch1
 Rationales:
  - 2.6-18.1+etch1: DSA 1566 cpio - Fix denial of service

Sourceful update of qt-x11-free:
 version in stable:  3:3.3.7-4etch1
 version in updates: 3:3.3.7-4etch2
 Rationales:
  - 3.3.7-4etch2: qt-x11-free - Ease updates of KDE by hardcoding the unames

Sourceful update of gs-gpl:
 version in stable:  8.54.dfsg.1-5
 version in updates: 8.54.dfsg.1-5etch1
 Rationales:
  - 8.54.dfsg.1-5etch1: DSA 1510 gs-gpl - Arbitrary code execution

Sourceful update of ldapscripts:
 version in stable:  1.4-2
 version in updates: 1.4-2etch1
 Rationales:
  - 1.4-2etch1: DSA 1517 ldapscripts - Information disclosure

Sourceful update of gnome-peercast:
 version in stable:  0.5.4-1.1
 version in updates: 0.5.4-1.1etch0
 Rationales:
  - 0.5.4-1.1etch0: DSA 1583 gnome-peercast - Fix several vulnerabilities

Sourceful update of pcre3:
 version in stable:  6.7+7.4-2
 version in updates: 6.7+7.4-4
 Rationales:
  - 6.7+7.4-3: DSA 1499 pcre3 - Arbitrary code execution
  - 6.7+7.4-4: DSA 1602 pcre3 - arbitrary code execution

Sourceful update of evolution:
 version in stable:  2.6.3-6etch1
 version in updates: 2.6.3-6etch2
 Rationales:
  - 2.6.3-6etch2: DSA 1512 evolution - Arbitrary code execution

Sourceful update of iceape:
 version in stable:  1.0.11~pre071022-0etch1
 version in updates: 1.0.13~pre080323b-0etch3
 Rationales:
  - 1.0.12~pre080131b-0etch1: DSA 1506 iceape - Fix several vulnerabilities
  - 1.0.12~pre080131b-0etch2: DSA 1506 iceape - Fix several vulnerabilities (fixes for regression)
  - 1.0.13~pre080323b-0etch1: DSA 1534 iceape - Fixes for several vulnerabilities
  - 1.0.13~pre080323b-0etch2: DSA 1534 iceape - Fix several vulnerabilities (fixes for regression)
  - 1.0.13~pre080323b-0etch3: DSA 1562 iceape - Fix arbitrary code execution

Sourceful update of trac:
 version in stable:  0.10.3-1etch2
 version in updates: 0.10.3-1etch3
 Rationales:
  - 0.10.3-1etch3: trac - fix multiple issues (#444052, #438685)

Sourceful update of libcairo:
 version in stable:  1.2.4-4
 version in updates: 1.2.4-4.1+etch1
 Rationales:
  - 1.2.4-4.1+etch1: DSA 1542 libcairo - Arbitrary code execution

Sourceful update of xorg-server:
 version in stable:  2:1.1.1-21etch4
 version in updates: 2:1.1.1-21etch5
 Rationales:
  - 1.1.1-21etch5: DSA 1595 xorg-server - several vulnerabilities

Sourceful update of turba2:
 version in stable:  2.1.3-1
 version in updates: 2.1.3-1etch1
 Rationales:
  - 2.1.3-1etch1: DSA 1507 turba2 - Fix permission testing

Sourceful update of xulrunner:
 version in stable:  1.8.0.15~pre080131b-0etch1
 version in updates: 1.8.0.15~pre080323b-0etch2
 Rationales:
  - 1.8.0.15~pre080323b-0etch1: DSA 1532 xulrunner - Fix several vulnerabilities
  - 1.8.0.15~pre080323b-0etch2: DSA 1558 xulrunner - Fix arbitrary code execution

Sourceful update of xserver-xorg-video-nv:
 version in stable:  1:1.2.0-3
 version in updates: 1:2.0.3-1
 Rationales:
  - 2.0.3-1: xserver-xorg-video-nv - Etch and a half upload supporting new hardware

Sourceful update of pdns-recursor:
 version in stable:  3.1.4-1
 version in updates: 3.1.4-1+etch2
 Rationales:
  - 3.1.4-1+etch1: DSA 1544 pdns-recursor - Fix cache poisoning vulnerability
  - 3.1.4-1+etch2: DSA 1544 pdns-recursor - predictable randomness

Sourceful update of xwine:
 version in stable:  1.0.1-1
 version in updates: 1.0.1-1etch1
 Rationales:
  - 1.0.1-1etch1: DSA 1522 xwine - Fix several vulnerabilities

Sourceful update of kernel-patch-openvz:
 version in stable:  028.18.1etch5
 version in updates: 028.18.1+etch6
 Rationales:
  - 028.18.1+etch6: DSA 1428 linux-2.6 - several vulnerabilities

Sourceful update of libvorbis:
 version in stable:  1.1.2.dfsg-1.3
 version in updates: 1.1.2.dfsg-1.4
 Rationales:
  - 1.1.2.dfsg-1.4: DSA 1591 libvorbis - several vulnerabilities

Sourceful update of linux-2.6:
 version in stable:  2.6.18.dfsg.1-18etch1
 version in updates: 2.6.18.dfsg.1-22
 Rationales:
  - 2.6.18.dfsg.1-19: linux-2.6 - several issues (#473824) (#466401) (#471427) (#469058)
  - 2.6.18.dfsg.1-20: linux-2.6 - several issues (#473824) (#466401) (#471427) (#469058)
  - 2.6.18.dfsg.1-21: linux-2.6 - several issues (#473824) (#466401) (#471427) (#469058) (#464923)
  - 2.6.18.dfsg.1-22: linux-2.6 - several issues (#473824) (#466401) (#471427) (#469058) (#464923) (#479773) (#410807)

Sourceful update of libimager-perl:
 version in stable:  0.50-1
 version in updates: 0.50-1etch1
 Rationales:
  - 0.50-1etch1: DSA 1498 libimager-perl - Arbitrary code execution

Sourceful update of debconf:
 version in stable:  1.5.11etch1
 version in updates: 1.5.11etch2
 Rationales:
  - 1.5.11etch2: debconf - Make debconf-apt-progress compatible with the Lenny installer

Sourceful update of openoffice.org:
 version in stable:  2.0.4.dfsg.2-7etch4
 version in updates: 2.0.4.dfsg.2-7etch5
 Rationales:
  - 2.0.4.dfsg.2-7etch5: DSA 1547 openoffice.org - Fix arbitrary code execution

Sourceful update of koffice:
 version in stable:  1:1.6.1-2etch1
 version in updates: 1:1.6.1-2etch2
 Rationales:
  - 1.6.1-2etch2: DSA 1509 koffice - Multiple vulnerabilities (xpdf)

Sourceful update of alsaplayer:
 version in stable:  0.99.76-9
 version in updates: 0.99.76-9+etch1
 Rationales:
  - 0.99.76-9+etch1: DSA 1538 alsaplayer - Fix arbitrary code execution

Sourceful update of rdesktop:
 version in stable:  1.5.0-1etch1
 version in updates: 1.5.0-1etch2
 Rationales:
  - 1.5.0-1etch2: DSA 1573 rdesktop - Fix several vulnerabilities

Sourceful update of libxslt:
 version in stable:  1.1.19-1
 version in updates: 1.1.19-2
 Rationales:
  - 1.1.19-2: DSA 1589 libxslt - arbitrary code execution

Sourceful update of dspam:
 version in stable:  3.6.8-5
 version in updates: 3.6.8-5etch1
 Rationales:
  - 3.6.8-5etch1: DSA 1501 dspam - Information disclosure

Sourceful update of exiftags:
 version in stable:  0.98-1
 version in updates: 0.98-1.1+etch1
 Rationales:
  - 0.98-1.1+etch1: DSA 1533 exiftags - Several vulnerabilities

Sourceful update of exiv2:
 version in stable:  0.10-1.5
 version in updates: 0.10-1.6
 Rationales:
  - 0.10-1.6: exiv2 - Fix regression in security update (#462450)

Sourceful update of rsync:
 version in stable:  2.6.9-2etch1
 version in updates: 2.6.9-2etch2
 Rationales:
  - 2.6.9-2etch2: DSA 1545 rsync - Arbitrary code execution

Sourceful update of alsa-driver:
 version in stable:  1.0.13-5
 version in updates: 1.0.13-5etch1
 Rationales:
  - 1.0.13-5etch1: DSA 1505 alsa-driver - kernel memory leak

Sourceful update of glibc:
 version in stable:  2.3.6.ds1-13etch5
 version in updates: 2.3.6.ds1-13etch7
 Rationales:
  - 2.3.6.ds1-13etch6: glibc - Fix nscd host caching (#467609)
  - 2.3.6.ds1-13etch7: glibc - Fix linker script for libraries using TLS (#478542)

Sourceful update of poppler:
 version in stable:  0.4.5-5.1etch2
 version in updates: 0.4.5-5.1etch3
 Rationales:
  - 0.4.5-5.1etch3: DSA 1606 poppler - execution of arbitrary code

Sourceful update of afuse:
 version in stable:  0.1.1-1
 version in updates: 0.1.1-1+etch1
 Rationales:
  - 0.1.1-1+etch1: DSA 1611 afuse - privilege escalation

Sourceful update of icu:
 version in stable:  3.6-2
 version in updates: 3.6-2etch1
 Rationales:
  - 3.6-2etch1: DSA 1511 libicu - Multiple problems

Sourceful update of clamav:
 version in stable:  0.90.1dfsg-3etch9
 version in updates: 0.90.1dfsg-3etch11
 Rationales:
  - 0.90.1dfsg-3etch10: DSA 1497 clamav - Several vulnerabilities
  - 0.90.1dfsg-3etch11: DSA 1549 clamav - Fix several vulnerabilities

Sourceful update of mysql-dfsg-5.0:
 version in stable:  5.0.32-7etch5
 version in updates: 5.0.32-7etch6
 Rationales:
  - 5.0.32-7etch6: DSA 1608 mysql-dfsg-5.0 - authorization bypass

Sourceful update of python2.4:
 version in stable:  2.4.4-3
 version in updates: 2.4.4-3+etch1
 Rationales:
  - 2.4.4-3+etch1: DSA 1551 python2.4 - Fix several vulnerabilities

Sourceful update of gnumeric:
 version in stable:  1.6.3-5
 version in updates: 1.6.3-5.1+etch1
 Rationales:
  - 1.6.3-5.1+etch1: DSA 1546 gnumeric - Fix arbitrary code execution

Sourceful update of ikiwiki:
 version in stable:  1.33.3
 version in updates: 1.33.6
 Rationales:
  - 1.33.4: DSA 1523 ikiwiki - Fix cross-site scripting
  - 1.33.5: DSA 1553 ikiwiki - Fix cross-site request forgery
  - 1.33.6: DSA 1553 ikiwiki - Fix cross-site request forgery (fixes for regression)

Sourceful update of roundup:
 version in stable:  1.2.1-5
 version in updates: 1.2.1-5+etch2
 Rationales:
  - 1.2.1-5+etch1: DSA 1554 roundup - Fix cross-site scripting vulnerability
  - 1.2.1-5+etch2: DSA 1554 roundup - Fix cross-site scripting vulnerability (fixes for regression)

Sourceful update of kazehakase:
 version in stable:  0.4.2-1
 version in updates: 0.4.2-1etch1
 Rationales:
  - 0.4.2-1etch1: DSA 1570 kazehakase - Fix arbitrary code execution

Sourceful update of xpdf:
 version in stable:  3.01-9etch1
 version in updates: 3.01-9.1+etch5
 Rationales:
  - 3.01-9.1+etch2: DSA 1537 xpdf - Multiple vulnerabilities
  - 3.01-9.1+etch4: DSA 1548 xpdf - Fix arbitrary code execution
  - 3.01-9.1+etch5: xpdf - Remove strict versioned dependency on xpdf-utils to fix upgrade.

Sourceful update of openssh:
 version in stable:  1:4.3p2-9
 version in updates: 1:4.3p2-9etch2
 Rationales:
  - 4.3p2-9etch2: DSA 1576 openssh - Fix predictable randomness

Sourceful update of openssl:
 version in stable:  0.9.8c-4etch1
 version in updates: 0.9.8c-4etch3
 Rationales:
  - 0.9.8c-4etch2: openssl - Security update fixing CVE-2007-4995 and CVE-2007-3108 (#438142)
  - 0.9.8c-4etch3: DSA 1571 openssl - Fix predictable random number generator

Sourceful update of xpenguins-applet:
 version in stable:  2.1.1-3.1
 version in updates: 2.1.1-3.1etch1
 Rationales:
  - 2.1.1-3.1etch1: xpenguins-applet - Avoid double free (#442284, #364590)

Sourceful update of policyd-weight:
 version in stable:  0.1.14-beta-6
 version in updates: 0.1.14-beta-6etch2
 Rationales:
  - 0.1.14-beta-6etch1: DSA 1531 policyd-weight - Fix insecure temporary files
  - 0.1.14-beta-6etch2: DSA 1531 policyd-weight - Fix insecure temporary files

Sourceful update of kiosktool:
 version in stable:  1.0-1.1
 version in updates: 1.0-2~etch+1
 Rationales:
  - 1.0-2~etch+1: kiosktool - Correct the path to the KDE menu file (#348888)

Sourceful update of libgd2:
 version in stable:  2.0.33-5.2
 version in updates: 2.0.33-5.2etch1
 Rationales:
  - 2.0.33-5.2etch1: DSA 1613 libgd2 - multiple vulnerabilities

Sourceful update of phpmyadmin:
 version in stable:  4:2.9.1.1-6
 version in updates: 4:2.9.1.1-7
 Rationales:
  - 2.9.1.1-7: DSA 1557 phpmyadmin - Fix several vulnerabilities

Sourceful update of icedove:
 version in stable:  1.5.0.13+1.5.0.15b.dfsg1-0etch1
 version in updates: 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1
 Rationales:
  - 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1: DSA 1574 icedove - Fix several vulnerabilities
  - 1.5.0.13+1.5.0.15b.dfsg1-0etch2: DSA 1485 icedove - Several vulnerabilities (fixes for regression)

Sourceful update of ltsp:
 version in stable:  0.99debian11
 version in updates: 0.99debian11+etch1
 Rationales:
  - 0.99debian11+etch1: DSA 1561 ltsp - Fix information disclosure

Sourceful update of phpgedview:
 version in stable:  4.0.2.dfsg-2
 version in updates: 4.0.2.dfsg-4
 Rationales:
  - 4.0.2.dfsg-3: DSA 1559 phpgedview - Fix cross site scripting
  - 4.0.2.dfsg-4: DSA 1580 phpgedview - Fix privilege escalation

Sourceful update of suphp:
 version in stable:  0.6.2-1
 version in updates: 0.6.2-1+etch0
 Rationales:
  - 0.6.2-1+etch0: DSA 1550 suphp - Fix local privilege escalation

Sourceful update of openldap2.3:
 version in stable:  2.3.30-5
 version in updates: 2.3.30-5+etch1
 Rationales:
  - 2.3.30-5+etch1: DSA 1541 openldap2.3 - Fix denial of service

Sourceful update of perl:
 version in stable:  5.8.8-7etch1
 version in updates: 5.8.8-7etch3
 Rationales:
  - 5.8.8-7etch2: DSA 1556 perl - Fix denial of service
  - 5.8.8-7etch3: DSA 1556 perl - Fix denial of service (revised security update)

Sourceful update of tzdata:
 version in stable:  2007j-1etch1
 version in updates: 2007k-1etch1
 Rationales:
  - 2007k-1etch1: tzdata - New timezone information (#457938, #469194)

Sourceful update of wordpress:
 version in stable:  2.0.10-1
 version in updates: 2.0.10-1etch3
 Rationales:
  - 2.0.10-1etch1: DSA 1502 wordpress - Multiple vulnerabilities
  - 2.0.10-1etch2: DSA 1564 wordpress - several vulnerabilities
  - 2.0.10-1etch3: DSA 1601 wordpress - several vulnerabilities

Sourceful update of vzctl:
 version in stable:  3.0.11-13
 version in updates: 3.0.11-14
 Rationales:
  - 3.0.11-14: vzctl - Fix file permission transfer on migrations (#469293)

Sourceful update of bind9:
 version in stable:  1:9.3.4-2etch1
 version in updates: 1:9.3.4-2etch3
 Rationales:
  - 9.3.4-2etch3: DSA 1603 bind9 - fix cache poisoning

Sourceful update of dbus:
 version in stable:  1.0.2-1
 version in updates: 1.0.2-1+etch1
 Rationales:
  - 1.0.2-1+etch1: DSA 1599 dbus - programming error (CVE-2008-0595)

Sourceful update of chkrootkit:
 version in stable:  0.47-1.1
 version in updates: 0.47-2
 Rationales:
  - 0.47-2: chkrootkit - Enye check was killing random applications (#421864)

Sourceful update of python-django:
 version in stable:  0.95.1-1
 version in updates: 0.95.1-1etch1
 Rationales:
  - 0.95.1-1etch1: python-django - Fix cross-site scripting vulnerability (#481164)

Sourceful update of netpbm-free:
 version in stable:  2:10.0-11
 version in updates: 2:10.0-11.1+etch1
 Rationales:
  - 10.0-11.1+etch1: DSA 1579 netpbm-free - Fix arbitrary code execution

Sourceful update of wml:
 version in stable:  2.0.11-1etch1
 version in updates: 2.0.11-1etch2
 Rationales:
  - 2.0.11-1etch2: DSA 1492 wml - clean up temporary files (#471345)

Sourceful update of lighttpd:
 version in stable:  1.4.13-4etch4
 version in updates: 1.4.13-4etch10
 Rationales:
  - 1.4.13-4etch10: DSA 1540 lighttpd - fixes for regression
  - 1.4.13-4etch5: DSA 1513 lighttpd - Fix CGI source disclosure
  - 1.4.13-4etch6: lighttpd - Arbitrary file disclosure
  - 1.4.13-4etch7: DSA 1540 lighttpd - Fix denial of service
  - 1.4.13-4etch8: DSA 1540 lighttpd - Fix denial of service (fixes for regressions)
  - 1.4.13-4etch9: lighttpd - Update by the maintainer for CVE-2008-1531 (denial of service, DSA 1540)

Sourceful update of imlib2:
 version in stable:  1.3.0.0debian1-4
 version in updates: 1.3.0.0debian1-4+etch1
 Rationales:
  - 1.3.0.0debian1-4+etch1: DSA 1594 imlib2 - Fix buffer overflows in XPM and PNM loaders. (CVE-2008-2426)

Sourceful update of gaim:
 version in stable:  1:2.0.0+beta5-10
 version in updates: 1:2.0.0+beta5-10etch1
 Rationales:
  - 2.0.0+beta5-10etch1: DSA 1610 gaim - fix execution of arbitrary code

Sourceful update of cupsys:
 version in stable:  1.2.7-4etch2
 version in updates: 1.2.7-4etch3
 Rationales:
  - 1.2.7-4etch3: DSA 1530 cupsys - Multiple vulnerabilities

Sourceful update of cacti:
 version in stable:  0.8.6i-3.2
 version in updates: 0.8.6i-3.5
 Rationales:
  - 0.8.6i-3.3: DSA 1569 cacti - Fix multiple vulnerabilities
  - 0.8.6i-3.4: DSA 1569 cacti - Fix multiple vulnerabilities (fixes for regression)
  - 0.8.6i-3.5: DSA 1569 cacti - insufficient input sanitising (fix for regression)

Sourceful update of base-installer:
 version in stable:  1.76
 version in updates: 1.76etch1
 Rationales:
  - 1.76etch1: base-installer - correctly recognize powerpc64 systems (#469030)

Sourceful update of mtr:
 version in stable:  0.71-2
 version in updates: 0.71-2etch1
 Rationales:
  - 0.71-2etch1: DSA 1587 mtr - Fix arbitrary code execution

Sourceful update of grub:
 version in stable:  0.97-27
 version in updates: 0.97-27etch1
 Rationales:
  - 0.97-27etch1: grub - Fix 1 TiB disk addressing limit (#450951)

Sourceful update of proftpd-dfsg:
 version in stable:  1.3.0-19
 version in updates: 1.3.0-19etch1
 Rationales:
  - 1.3.0-19etch1: CVE-2007-2165 proftpd - fix authentication cache problem

Sourceful update of typo3-src:
 version in stable:  4.0.2+debian-4
 version in updates: 4.0.2+debian-5
 Rationales:
  - 4.0.2+debian-4: DSA 1596 typo3-src - several vulnerabilities
  - 4.0.2+debian-5: DSA 1596 typo3-src - several vulnerabilities

Sourceful update of aboot:
 version in stable:  0.9b-3
 version in updates: 0.9b-3+etchnhalf.1
 Rationales:
  - 0.9b-3+etchnhalf.1: aboot - fix alpha build, add support for >= 2.6.23 kernels

Sourceful update of mapserver:
 version in stable:  4.10.0-5+etch1
 version in updates: 4.10.0-5.1+etch2
 Rationales:
  - 4.10.0-5.1+etch2: DSA 1539 mapserver - Multiple vulnerabilities

Sourceful update of mt-daapd:
 version in stable:  0.2.4+r1376-1
 version in updates: 0.2.4+r1376-1.1+etch1
 Rationales:
  - 0.2.4+r1376-1: DSA 1597 mt-daapd - multiple vulnerabilities
  - 0.2.4+r1376-1.1+etch1: DSA 1597 mt-daapd - several vulnerabilities

Sourceful update of firmware-nonfree:
 version in stable:  0.4
 version in updates: 0.4+etchnhalf.1
 Rationales:
  - 0.4etch1: firmware-nonfree - build-depend on new kernel ABI 2.6-6 (Closes: #468215)

Sourceful update of cbrpager:
 version in stable:  0.9.14-3
 version in updates: 0.9.14-3+etch1
 Rationales:
  - 0.9.14-3+etch1: cbrpager - Backported security fixes from upstream 0.9.18 for CVE-2008-2575

Sourceful update of gs-esp:
 version in stable:  8.15.3.dfsg.1-1
 version in updates: 8.15.3.dfsg.1-1etch1
 Rationales:
  - 8.15.3.dfsg.1-1etch1: DSA 1510 gs-esp - Arbitrary code execution

Sourceful update of tomcat5.5:
 version in stable:  5.5.20-2etch2
 version in updates: 5.5.20-2etch3
 Rationales:
  - 5.5.20-2etch2: DSA 1593 tomcat5.5 - missing input sanitising
  - 5.5.20-2etch3: DSA 1593 tomcat5.5 - fix cross-site scripting issue

Sourceful update of krb5:
 version in stable:  1.4.4-7etch4
 version in updates: 1.4.4-7etch6
 Rationales:
  - 1.4.4-7etch5: DSA 1524 krb5 - Multiple vulnerabilities
  - 1.4.4-7etch6: krb5 - Fix rare kadmind crash on 64-bit platforms during password change (#428732)

Sourceful update of pdftohtml:
 version in stable:  0.36-13
 version in updates: 0.36-13etch1
 Rationales:
  - 0.36-13etch1: pdftohtml - Transition users to poppler-utils

Sourceful update of serendipity:
 version in stable:  1.0.4-1
 version in updates: 1.0.4-1+etch1
 Rationales:
  - 1.0.4-1+etch1: DSA 1528 serendipity - Fix cross site scripting

Sourceful update of licq:
 version in stable:  1.3.4-2
 version in updates: 1.3.4-2etch1
 Rationales:
  - 1.3.4-2etch1: licq - fixing "ICQ version too old" connection failure (#488887, #488934)

Sourceful update of b2evolution:
 version in stable:  0.9.2-3
 version in updates: 0.9.2-3+etch1
 Rationales:
  - 0.9.2-3+etch1: DSA 1568 b2evolution - Fix cross site scripting

Sourceful update of initramfs-tools:
 version in stable:  0.85h
 version in updates: 0.85i
 Rationales:
  - 0.85i: initramfs-tools - Fix MBR checking on md devices (#469312) and booting with Xen

Sourceful update of libfishsound:
 version in stable:  0.7.0-2
 version in updates: 0.7.0-2etch1
 Rationales:
  - 0.7.0-2etch1: DSA 1584 libfishsound - Fix arbitrary code execution

Sourceful update of backup-manager:
 version in stable:  0.7.5-3
 version in updates: 0.7.5-4
 Rationales:
  - 0.7.5-4: DSA 1518 backup-manager - Password disclosure

Sourceful update of ruby1.8:
 version in stable:  1.8.5-4etch1
 version in updates: 1.8.5-4etch2
 Rationales:
  - 1.8.5-4etch2: DSA 1612 ruby1.8 - several vulnerabilities

Sourceful update of sdl-image1.2:
 version in stable:  1.2.5-2etch1
 version in updates: 1.2.5-2+etch1
 Rationales:
  - 1.2.5-2+etch1: DSA 1493 sdl-image1.2 - Rebuild with higher version number

Sourceful update of php4:
 version in stable:  6:4.4.4-8+etch4
 version in updates: 6:4.4.4-8+etch6
 Rationales:
  - 4.4.4-8+etch6: DSA 1578 php4 - Fix several vulnerabilities

Sourceful update of php5:
 version in stable:  5.2.0-8+etch10
 version in updates: 5.2.0-8+etch11
 Rationales:
  - 5.2.0-8+etch11: DSA 1572 php5 - Fix several vulnerabilities
  - 5.2.0-8+etch11~p1: php5 - Fix crashes with php5-recode (#459020)

Sourceful update of splitvt:
 version in stable:  1.6.5-9
 version in updates: 1.6.5-9etch1
 Rationales:
  - 1.6.5-9etch1: DSA 1500 splitvt - Fix privilege escalation

Sourceful update of xine-lib:
 version in stable:  1.1.2+dfsg-5
 version in updates: 1.1.2+dfsg-7
 Rationales:
  - 1.1.2+dfsg-6: DSA 1536 xine-lib - Several vulnerabilities
  - 1.1.2+dfsg-7: DSA 1586 xine-lib - Fix several vulnerabilities

Sourceful update of wireless-tools:
 version in stable:  28-1
 version in updates: 28-1+etchnhalf.1
 Rationales:
  - 28-1+etchnhalf.1: wireless-tools - update to claim support for WE API in etchnhalf kernel

Sourceful update of gforge:
 version in stable:  4.5.14-22etch5
 version in updates: 4.5.14-22etch8
 Rationales:
  - 4.5.14-22etch6: DSA 1577 gforge - Fix insecure temporary files
  - 4.5.14-22etch7: DSA 1577 gforge - Fix insecure temporary files (fixes for regression)
  - 4.5.14-22etch8: DSA 1577 gforge - Fix insecure temporary files (fixes for regression)

Sourceful update of asterisk:
 version in stable:  1:1.2.13~dfsg-2etch2
 version in updates: 1:1.2.13~dfsg-2etch4
 Rationales:
  - 1.2.13~dfsg-2etch3: DSA 1525 asterisk - Several vulnerabilities
  - 1.2.13~dfsg-2etch4: DSA 1563 asterisk - Fix denial of service

Sourceful update of debian-goodies:
 version in stable:  0.27
 version in updates: 0.27+etch1
 Rationales:
  - 0.27+etch1: DSA 1527 debian-goodies - Insufficient input sanitising

Sourceful update of mplayer:
 version in stable:  1.0~rc1-12etch2
 version in updates: 1.0~rc1-12etch3
 Rationales:
  - 1.0~rc1-12etch3: DSA 1552 mplayer - Fix arbitrary code execution

Sourceful update of iceweasel:
 version in stable:  2.0.0.12-0etch1
 version in updates: 2.0.0.15-0etch1
 Rationales:
  - 2.0.0.13-0etch1: DSA 1535 iceweasel - Fixes for several vulnerabilities
  - 2.0.0.14-0etch1: DSA 1555 iceweasel - Fix arbitrary code execution
  - 2.0.0.15-0etch1: DSA 1607 iceweasel - fix several vulnerabilities

Sourceful update of znc:
 version in stable:  0.045-3
 version in updates: 0.045-3+etch1
 Rationales:
  - 0.045-3+etch1: znc - Fix NULL pointer dereferences leading to crashes

Sourceful update of smarty:
 version in stable:  2.6.14-1
 version in updates: 2.6.14-1etch1
 Rationales:
  - 2.6.14-1etch1: DSA 1520 smarty - Insufficient input sanitising

Sourceful update of wxmaxima:
 version in stable:  0.7.0a-1
 version in updates: 0.7.0a-1.1
 Rationales:
  - 0.7.0a-1.1: wxmaxima - fix connection problems making the package unusable (#432665)

Sourceful update of libnet-dns-perl:
 version in stable:  0.59-1
 version in updates: 0.59-1etch1
 Rationales:
  - 0.59-1etch1: DSA 1515 libnet-dns-perl - Several vulnerabilities

Sourceful update of balsa:
 version in stable:  2.3.13-2
 version in updates: 2.3.13-3
 Rationales:
  - 2.3.13-3: balsa - Fix for stack-based buffer overflow

Sourceful update of partman-lvm:
 version in stable:  53
 version in updates: 53etch1
 Rationales:
  - 53etch1: partman-lvm - Fix installation with already existing RAID (#470374)

Sourceful update of gnutls13:
 version in stable:  1.4.4-3
 version in updates: 1.4.4-3+etch1
 Rationales:
  - 1.4.4-3+etch1: DSA 1581 gnutls13 - Fix potential code execution


binNMU for source package gtimer:
 - 1.1.6-11+b1: amd64
 Rationale: rebuild against Etch libraries (#466453)

binNMU for source package kdebase:
 - 4:3.5.5a.dfsg.1-6etch2+b1: arm
 Rationale: rebuild against updated qt-x11-free and kdelibs

binNMU for source package kdelibs:
 - 4:3.5.5a.dfsg.1-8etch1+b1: arm
 Rationale: rebuild against updated qt-x11-free

binNMU for source package sage:
 - 0.1.2-1+b2: ia64
 Rationale: Rebuild against libsdl1.2_1.2.11-8 to kill off dangling .la references.

binNMU for source package sear:
 - 0.6.1-1+b1: ia64
 Rationale: Rebuild against lib3ds-dev 1.2.0-4.1+etch1 (propagate fix for #399761)

binNMU for source package apache2-mpm-itk:
 - 2.2.3-01-2+b2: s390 amd64 sparc powerpc arm i386 mips ia64 alpha mipsel hppa
 Rationale: rebuild against updated apache2

Requires further Investigation
------------------------------

These packages need further investigation.  One reason the package is
listed here could be that I'm not yet convinced this package should go
into stable, but don't want to reject it entirely at the moment.

Another reason could be that released and updated architectures are
not yet in sync.

Removed Packages
----------------

These packages will be removed from the stable Debian distribution.
This is normally only a result of license problems when the license
prohibits their distribution.

Removal of source package glimpse:
  Rationale: #474322: RM: glimpse/stable -- licensing
  To be removed:
    glimpse |   4.18.5-1 | stable/non-free | source, alpha, amd64, arm,
      hppa, i386, ia64, mips, mipsel, powerpc, sparc

Removal of source package dcc:
  Rationale: #475088: RM: dcc/stable -- security issues
  To be removed:
    dcc-client |   1.2.74-4 |        stable | alpha, amd64, arm, hppa,
      i386, ia64, mips, mipsel, powerpc, s390, sparc
    dcc-common |   1.2.74-4 |        stable | alpha, amd64, arm, hppa,
      i386, ia64, mips, mipsel, powerpc, s390, sparc
    dcc-milter |   1.2.74-4 |        stable | alpha, amd64, arm, hppa,
      i386, ia64, mips, mipsel, powerpc, s390, sparc
    dcc-server |   1.2.74-4 |        stable | alpha, amd64, arm, hppa,
      i386, ia64, mips, mipsel, powerpc, s390, sparc
    dcc        |   1.2.74-4 |        stable | source

Removal of source package maxdb-7.5.00:
  Rationale: #481231: RM: maxdb-7.5.00/stable - security issues
  To be removed:
    libsqldbc75             | 7.5.00.34-7 |        stable | amd64, i386, ia64
    libsqldbc75-dev         | 7.5.00.34-7 |        stable | amd64, i386, ia64
    libsqlod75              | 7.5.00.34-7 |        stable | amd64, i386, ia64
    libsqlod75-dev          | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-dbanalyzer        | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-dbmcli            | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-loadercli         | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-lserver           | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-server            | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-server-7.5.00     | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-server-dbg-7.5.00 | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-sqlcli            | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-webtools          | 7.5.00.34-7 |        stable | amd64, i386, ia64
    python-maxdb            | 7.5.00.34-7 |        stable | amd64, i386, ia64
    python-maxdb-loader     | 7.5.00.34-7 |        stable | amd64, i386, ia64
    maxdb-7.5.00            | 7.5.00.34-7 |        stable | source

Disclaimer
----------

This list intends to help the ftp-masters releasing 4.0r4.  They have the
final power to accept a package or not.  If you want to comment on
this list, please send a mail to the debian release mailing list
<debian-release@lists.debian.org>.

Last updated 2008/07/24 16:30 CEST