List of packages likely to be included in the next slink update (2.1r6) ======================================================================= In Incoming: Security updates: [Vincent 2000/04/11] package : roxen version : 1.2beta2-3.1 architectures: i386 m68k [ALPHA SPARC MISSING] issue : Security fix - html encoding the output of the tags referer, accept-language, clientname, file Attacker can include code to be parsed by the server [Vincent 2000/04/11] package : floppybackup version : 1.3-2 architectures: i386 m68k [ALPHA SPARC MISSING] issue : Security Fix - fixed temporary file use [Vincent 2000/04/11] package : mysql version : 3.21.33b-4 architectures: i386 m68k [ALPHA SPARC MISSING] issue : Applied the official patch regarding the recently announced security hole that allowed everybody who's host is allowed to connect to the db to guess the password of an existing user with less than 40 tries. [Vincent 2000/04/11] package : mtr version : 0.28-1 architectures: i386 m68k [ALPHA SPARC MISSING] issue : Security fix for theoretical stack-smash-and-fork attack - s/seteuid/setuid/ in mtr.c [Vincent 2000/04/11] package : nmh version : 0.27-0.28-pre8-4 architectures: i386 m68k [ALPHA SPARC MISSING] issue : Applied patch to fix security hole which allowed untrusted shell code to be executed. [Vincent 2000/04/11] package : htdig version : 3.1.5-0.1 architectures: alpha i386 m68k sparc issue : Remote users could abuse htsearch and read files they should not be able to read Y2K updates: *none so far* Other updates: [Vincent 2000/04/11] package : w3-el version : 4.0pre.23-5 architectures: all issue : updated to match updated emacs in 2.1r5. [Vincent 2000/04/11] package : mirror version : 2.9-13slink16 architectures: all issue : corrected the dependancies.