Sebastian Harl uploaded new packages for git-core which fixed the following security problems: DSA 1777-1, Debian bug #516669 Peter Palfrader discovered that on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges. This issue only affected the DEC Alpha and MIPS (big and little endian) architectures. CVE-2009-2108, DSA 1841-1, Debian bug #532935 git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. For the etch-backports distribution the problems have been fixed in version 1:1.5.6.5-3+lenny2~bpo40+1. The lenny-backports distribution had not been affected by any of these issues. Upgrade instructions -------------------- If you don't use pinning [1] you have to update the package manually via "apt-get -t etch-backports install <packagelist>", where <packagelist> is the list of your installed packages affected by this update. [1] http://backports.org/dokuwiki/doku.php?id=instructions We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=etch-backports Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature