python2.4 in testing (etch) is currently vulnerable to a buffer overflow as described in CVE-2006-4980 [1] and PSF-2006-001 [2]. The vulnerability was fixed in 2.4.3-9 but 2.4.3-8 is frozen in testing so the fixed package will not propagate automatically. The QA package page [3] suggests contacting this mailing list "if update is needed".

Please keep me on the CC in replies as I am not subscribed to the debian-release list.

Cheers,
-Ted

[1] CVE-2006-4980: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
[2] PSF-2006-001: http://www.python.org/news/security/PSF-2006-001/
[3] QA page for python2.4: http://packages.qa.debian.org/p/python2.4.html