-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 22 Sep 2001 11:23:35 -0400 Source: slrn Binary: slrnpull slrn Architecture: m68k Version: 0.9.7.2-6 Distribution: unstable Urgency: high Maintainer: Debian/m68k Build Daemon <[EMAIL PROTECTED]> Changed-By: Joey Hess <[EMAIL PROTECTED]> Description: slrn - threaded news reader (fast for slow links) slrnpull - pulls a small newsfeed from an NNTP server Changes: slrn (0.9.7.2-6) unstable; urgency=HIGH . * Upstream security fix; slrn's internal uudecoder auto-executes any shell script in the archive (thinking it's a shar, presumably!). That just doesn't fly in today's internet. Slrn in unstable is actually probably not vulnerable, probably, since it is set up to use the uudeview library for decoding. However, this is too critical a security fix to omit. Files: 8cf902e0efc589e20018a312172a6e49 288964 news optional slrn_0.9.7.2-6_m68k.deb 73c8f0a951fe173acc6d2f1125988bf4 87326 news optional slrnpull_0.9.7.2-6_m68k.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>
iEYEARECAAYFAjuvE5wACgkQcS3JWD3FdvdOoACeLqdwQ19KOZ0ta8I3Bs02xgNd Mf0An24YtlyhLQZcwQxSixWgiWD5cdd9 =FbVL -----END PGP SIGNATURE-----