Hi release team, please unblock rsyslog 3.18.6-1. It contains an important security fix, which is reported as Debian bug . Further information regarding the security issue can be found at secunia  and upstream . The complete upstream changes between 3.18.5 and 3.18.6 can be found in the upstream git repository . The Debian changelog is: rsyslog (3.18.6-1) unstable; urgency=high * New upstream bugfix release. - Fix "$AllowedSender" security bypass vulnerability. The "$AllowedSender" configuration directive was not respected, allowing unrestricted network access to the application. Closes: #508027 No CVE id yet. * Urgency high for the security fix. * debian/patches/manpage_fixes.patch - Fix typos in rsyslogd man page. Closes: #506925 Thanks to Geoff Simmons for the patch. -- Michael Biebl <firstname.lastname@example.org> Fri, 12 Dec 2008 17:36:02 +0100 Cheers, Michael  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508027  http://secunia.com/Advisories/32857/  http://www.rsyslog.com/Article322.phtml  http://git.adiscon.com/?p=rsyslog.git;a=commit;h=b0317d31d98b17cd8b9b5d29f438191ac045cd33 -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Description: OpenPGP digital signature