You are running Debian stable, because you prefer the stable Debian tree. It runs great, there is just one problem: the software is a little bit outdated compared to other distributions. That is where backports come in.

Backports are recompiled packages from testing (mostly) and unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever it is possible) on a stable Debian distribution. I recommend you to pick out single backports which fits your needs, and not to use all backports available here.

Fri Feb 20 22:10:44 CET 2009

lenny-backports started

Hi all, 
I'm proud to announce the start of the lenny-backports distribution. All 
contributors are now asked to provide new backports also for lenny-backports.
But that does not mean etch-backports is dead, we will continue support for  
etch-backports as long as there is security support for oldstable (aka etch).
But remember that contributors are now allowed to add packages to etch-bpo which 
have a higher version than in lenny (because they are allowed to add versions
from squeeze). So it is possible that there is no clean upgrade path from 
etch + backports to lenny. If you don't want this please upgrade to lenny 
or stop installing new package versions from etch-backports. 
Thanks to the unoffical buildd network we are also able to provide autobuild
packages for the following architectures: arm, armel, amd64, powerpc, i386, ia64
and alpha. Possibly mips and sparc will follow. You can find more 
informations about the buildstatus of a package at the buildd webinterface [1].

Thanks for your attention 
Alex - ftp-master of backports.org 

[1] http://buildd.ayous.org

Fri Jul 11 15:20:47 CEST 2008

sarge-backports discontinued

Hi users,
Hi contributors,

as some of you may heard [1] the security support for sarge will be
terminated on March 31st. This will also be the end of backports.org support
for sarge-backports. Uploads to sarge-backports will not be able any more
after this date, but it will not immediatly removed from our servers, so
downloads will still be possible for some time, but don't expect that this
will be forever!

Now is the time to update to Etch and to start using etch-backports :). If
you are experiencing serious upgrade problems from sarge-backports to
etch-backports, please tell us so that we are able to fix this (if its
serious enough :)).

Thank you all very much for your support of backport.org during sarge's
lifetime!

Alex - ftp-master of backports.org

[1] http://www.us.debian.org/News/2008/20080229

Mon, Sep 03 14:55:00 CEST 2007

Security Update for clamav

Sebastian Harl uploaded new packages for clamav which fixed the following security problems:

CVE-2007-4510

  It was discovered that the RTF and RFC2397 parsers can be tricked
  into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560

  It was discovered clamav-milter performs insufficicient input
  sanitising, resulting in the execution of arbitrary shell commands.

For the sarge-backports distribution the problems have been fixed in version 0.91.2-1~bpo31+1.

For the etch-backports distribution the problems have been fixed in version 0.91.2-1~bpo40+1.

Security update for egroupware

Jan Wagner uploaded new packages for egroupware which fixed the following security problem:

CVE-2007-4048

Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo
2.5.4-dev and earlier allows remote attackers to inject arbitrary web
script or HTML via the PATH_INFO.

This issue has been fixed in the 1.2.107-2.dfsg-1.1~bpo40+1 package in etch-backports.

Thu Jul 26 10:26:11 CEST 2007

Security Update for clamav

Sebastian Harl uploaded new packages for clamav which fixed the following security problem:

CVE-2007-3725

A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archives.

For the sarge-backports distribution the problem has been fixed in version 0.91.1-1~bpo.1.

For the etch-backports distribution the problem has been fixed in version 0.91.1-1~bpo.2.

Wed Jun 27 22:50:59 CEST 2007

Security Update for lighttpd

Dominic Hargreaves uploaded a security update for the lighttpd in sarge backports which fixes the following issues:

CVE-2007-1869

Remote attackers could cause denial of service by disconnecting
partway through making a request.

CVE-2007-1870

A NULL pointer dereference could cause a crash when serving files
with a mtime of 0.

These issues have been fixed in the 1.4.13-10~bpo.2 packages in sarge-backports.

Mon, 07 May 2007 19:22:12 CEST

Rene was so kind to upload OpenOffice.org 2.2.0-6 to Etch backports. Since a recent gcj is available in Etch it has been moved to main again.

Tue, 1 May 2007 12:28 GMT

Etch has been released and we have now etch-backports too. Look at instructions for more details.

Sun, 06 Aug 2006 10:55 GMT

I’m going to remove postgresql-8.0 from the backports.org archive. It’s was already removed from Debian, and the last version of the Debian package which was available is vulnerable to CVE-2006-2313 and CVE-2006-2314, hence the backport is also affected.

Please upgrade to the postgresql-8.1 backport.

Tue, 11 Jul 2006 17:56 GMT

Rene Engelhard uploaded openoffice.org 2.0.3 to backports.org last week. The update fixes some security issues, was moved to contrib, and includes the help files. For details see Renes mail to the backports-users mailinglist.

Fri, 05 May 2006 15:03 GMT

Usually I’ll wait for an updated package in testing/unstable to fix bugs which also affects packages on backports.org. Now the time has come, where this is no longer possible for a package: xorg-x11. Why? We have 6.9 in testing (and on backports.org), and 7.0 in unstable. We’ll see no more updates for the packages in testing, and backporting xorg-x11 7.0 to sarge is a pain in the ass. So we need to stick with 6.9 at least for a while, which primary means we can’t just take a newer package from testing/unstable to fix (security related) bugs.

Yesterday I uploaded xorg-x11 6.9.0.dfsg.1-5bpo2, which fixes CVE-2006-1526, a problem which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges. The patch was taken from Ubuntu’s security update.

Thu, 04 May 2006 12:53 GMT

I just uploaded firefox 1.5.dfsg+1.5.0.3-0bpo1 to backports.org this morning, because it fixed an important security related bug (see #364810). And boom... a few hours later, bug #365960 was filed. Of course, the backport is affected too. So, think twice before upgrading the firefox backport, I’m sure Eric Dorland and/or Mike Hommey (who are doing a great job maintaining a monster like firefox) are going to fix this in unstable soon.

Update: 1.5.dfsg+1.5.0.3-2 was uploaded to unstable, and the backport is already updated.

Wed, 08 Mar 2006 13:39 GMT

A little bit later than promised, I just uploaded the slides of my talk from the Chemnitzer Linux-Tage about backporting and backports.org to my website. I hope I found and fixed all remaining typos.

Tue, 07 Mar 2006 18:36 GMT

Mickael Marchand noticed a problem with the mysql-dfsg backport on amd64. I don’t own such hardware, but fortunately Christian Hammers was able to reproduce that problem, which seems not to be Debian related, so he filed a bugreport to the MySQL bug tracking system.

Sun, 29 Jan 2006 10:55 GMT

We have a mailinglist, please use it when you have questions about some backports. I’m not responsible for all packages on backports.org, and can’t help with every single problem. Most people uploading packages are reading this list.

Sat, 28 Jan 2006 16:33 GMT

My talk at this years Chemnitzer Linux-Tage about backporting in general and backports.org in special was just accepted. See you there!