Hi,

I've backported to the stable cbrpager release all the security changes for package cbrpager fixing CVE-2008-2575, included in the last upstream cbrpager version 0.9.18.
I've NOT included any other changes. The patch applied is attached.

Please tell me if it is ok to upload it to stable-proposed-updates.

Salud,

-- 
Roberto Lumbreras   .''`.
<rover             : :' :   debian.org>
Debian Developer    `. `'
                     `-

On Wed, Jun 11, 2008 at 11:53:17PM +0200, Nico Golde wrote:
: Hi,
: the following CVE (Common Vulnerabilities & Exposures) id was
: published for cbrpager some time ago.
:
: CVE-2008-2575[0]:
: cbrpager is affected by a command execution flaw via
: malicious file names in a similar way as comix was affected
:
: Note, the CVE id is not yet published on the mitre site.
: See Debian bug #482853 for details.
:
: Unfortunately the vulnerability described above is not important enough
: to get it fixed via regular security update in Debian stable. It does
: not warrant a DSA.
:
: However it would be nice if this could get fixed via a regular point update[1].
: Please contact the release team for this.
:
: This is an automatically generated mail, in case you are already working on an
: upgrade this is of course pointless.
:
: For further information:
: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575
: [1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
:
: Kind regards
: Nico
:
: --
: Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
: For security reasons, all text in this mail is double-rot13 encrypted.

cbrpager-etch1.diff.gz
Description: Binary data