This automatic mail gives an overview over security issues that were recently fixed in Debian Testing. The majority of fixed packages migrate to testing from unstable. If this would take too long, fixed packages are uploaded to the testing-security repository instead. It can also happen that vulnerable packages are removed from Debian testing.
Migrated from unstable: ======================= cups 1.3.8-1lenny4: CVE-2008-5286: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286 http://bugs.debian.org/507183 flamethrower 0.1.8-2: CVE-2008-5141: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5141 http://bugs.debian.org/506350 iceape 1.1.13-1: CVE-2008-0017: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017 CVE-2008-4582: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582 CVE-2008-5012: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012 CVE-2008-5013: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013 CVE-2008-5014: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014 CVE-2008-5016: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016 CVE-2008-5017: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017 CVE-2008-5018: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018 CVE-2008-5021: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021 CVE-2008-5022: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022 CVE-2008-5023: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023 CVE-2008-5024: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024 p3nfs 5.19-1.2: CVE-2008-5154: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5154 http://bugs.debian.org/506270 wordpress 2.5.1-11: CVE-2008-5278: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5278 http://bugs.debian.org/507193 Removed from testing: ===================== The following issues have been "fixed" by removing the (source) packages from testing. This probably means that you have to manually uninstall the corresponding binary packages to fix the issues. It can also mean that the packages have been replaced, or that they have been temporarily removed by the release team to make transitions from unstable easier. quassel: <no CVE yet> : Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability http://bugs.debian.org/506550 verlihub: <no CVE yet> : verlihub remote command execution and the possibility of attack with the help of symlinks http://bugs.debian.org/506530 How to update: -------------- Make sure the line deb http://security.debian.org lenny/updates main contrib non-free is present in your /etc/apt/sources.list. Of course, you also need the line pointing to your normal lenny mirror. You can use aptitude update && aptitude dist-upgrade to install the updates. More information: ----------------- More information about which security issues affect Debian can be found in the security tracker: http://security-tracker.debian.net/tracker/ A list of all known unfixed security issues is at http://security-tracker.debian.net/tracker/status/release/testing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
