Package: limewire Version: 3.4.5-2 Severity: grave Tags: security Justification: user security hole
Secunia reports two vulnerabilities in Limewire that allow attackers remote access to arbitrary files. For full details see http://secunia.com/advisories/14555 Note: Limewire has been orphaned for a long time now (it's latest upload nearly 1.5 years ago) and it therefore badly out-of-sync with upstream. Secunia claims Limewire versions from 3.9.6 to 4.6.0 vulnerable, but it should be double-checked, whether Sarge's out-dated version is affected as well. I guess the correct fix is a removal of Limewire; a moving target like filesharing will hardly be useful after 1.5 years and will definitely become fully unusable during Sarge's stable lifecycle. There are not CAN IDs yet. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]