MySQL 5.0.77 packages are now available on Dotdeb for Debian Etch amd64/i386.
This is a maintenance release that fix some annoying bugs and a severe security issue.
Please read the official list of changes in 5.0.77 before upgrading.
The PHP Group released PHP 5.2.8 this morning to fix the magic_quotes_gpc issue.
If you previously installed PHP 5.2.7-0.dotdeb.1 from Dotdeb and do not care about the version number displayed in your phpinfo(), save your bandwidth, your server is already secure 🙂 Otherwise, just apt-get upgrade your LAMP stack…
[update] The packages have been upgraded to 5.2.8-0.dotdeb.1 to fix an issue about pcre & utf8.
Stefan Esser has posted a warning about upgrading PHP to the 5.2.7 release :
(…)a change in the ext/filter extension that by default processes all incoming data, broke the magic_quotes_gpc feature. While magic_quotes_gpc itself is deprecated and it is recommended to not rely on it as protection against SQL injection, it is still used in many legacy applications that become very insecure once it is turned off. And exactly that happens with the upgrade to PHP 5.2.7. The fix for this was already commited to the PHP CVS and PHP 5.2.8 will be released next week.
I just fixed this issue in the Dotdeb packages, just upgrade your servers.