-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : psensor Version : 0.6.2.17-2+deb7u1 CVE ID : CVE-2014-10073 Debian Bug : 896195
It was discovered that psensor, a server for monitoring hardware sensors remotely, was prone to a directory traversal vulnerability because the create_response function in server/server.c lacks a check for whether a file is under the webserver directory. For Debian 7 "Wheezy", these problems have been fixed in version 0.6.2.17-2+deb7u1. We recommend that you upgrade your psensor packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrfk5ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRr2Q//bfzgyEPWdoetLOXoP4XF4Nws6BZYw4zjXRqMzYyfR9Pc3wEY+WcBDjsa hnL6y3eaSXmAa6lF78bWInp3KY7xPG1an6cNYzBQLJp8MrEPvGy0JnaE2sydm80C ea1df0E5CwiigO1tOpQk/9TR1fPFtFB1ANK+EQcnPkfgQ1tRQzMT2Qm2Eo9YD+uN iRI0v7+Q1tcxbvXDwDFgQwvE03IKPLm9AHmMLQpV7cBRKFZaNEFaOyU054BpXv+9 Y8+4uuOtk4/NxiP5w1hcFyFbNp1nb3A8oae/gn96WP032TDV2fz5Im+AYeo6xRqJ dkLOnvbAQZzKdfUfD3ZpYB4mlqnkWJDIWhqAkNgmabPFnnia6lfTHm4vxPGsYW8S RfUDwRaC64Ivqr7cPOrS7F4tA1O4GUHtTdmoJRVS7SUAlBaujek4nOkCYAdyhiwn XqXZnn3WNuoTlhTNe2b7gV1JitNIyU6qLsYX/urHTpmKy07XOabaPGIE3NggICm/ t4+x6gUY0ntyQdkjwP5UsTcFtzANAWSpME63QYWy4y3ClcmJZWPeZrsiw+YZj2eu f8XKNKpB1njq1Px9hluGjP2gPnYKoMznFdZwvvp346r4qlD7oDWcW11EspCI282i p9OVz6IShPiG6N3frNIxSxqvRh+Y3eziBEV9FOi/P2Zl88/I4d4= =NGZg -----END PGP SIGNATURE-----
