Jan Wagner uploaded new packages for egroupware which fixed the following security problems: CVE-2009-2265 Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. For the lenny-backports distribution the problems have been fixed in version 1.6.002+dfsg-1~bpo50+1. For the sid distributions the problems have been fixed in version 1.6.002+dfsg-1. Upgrade instructions -------------------- If you don't use pinning (see [1]) you have to update the packages manually via "apt-get -t lenny-backports install <packagelist>" with the packagelist of your installed packages affected by this update. [1] <http://backports.org/dokuwiki/doku.php?id=instructions> We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically: Package: * Pin: release a=lenny-backports Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature