Adam D. Barratt uploaded new packages for devscripts which fixed the following security problems: Debian BTS #507482 When copying files from a remote host for signing, the temporary directory created was named based on the process ID rather than using mktemp. Debian BTS #508111 A call to mktemp used an incorrect format string which led to the same filename always being generated when attempting to sign a particular file. This could lead to being unable to sign the file as the mktemp call would never return. [Does not affect the stable distribution] For the etch-backports distribution the problems have been fixed in version 2.10.35lenny2~bpo40+1. For the stable distribution the problems have been fixed in version 2.9.26etch2. For the testing distribution the problems have been fixed in versions 2.10.35lenny1 and 2.10.35lenny2. For the unstable distribution the problems have been fixed in versions 2.10.42 and 2.10.43. Upgrade instructions -------------------- If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions) you have to update the package manually via apt-get -t etch-backports install devscripts. We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=etch-backports Pin-Priority: 200
Attachment:
signature.asc
Description: This is a digitally signed message part