[Backports-security-announce] Security Update for ikiwiki

To: backports-security-announce@lists.backports.org
Subject: [Backports-security-announce] Security Update for ikiwiki
From: Alexander Wirt <formorer@debian.org>
Date: Wed, 2 Sep 2009 11:40:52 +0200
Message-id: <[🔎] 20090902094052.GB5839@formorer.de>
Reply-to: backports-users@lists.backports.org

Alexander Wirt uploaded a new package for ikiwiki which fixes the following security problem:

DSA-DSA-1875 

  Josh Triplett discovered that the blacklist for potentially harmful TeX code of
  the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in
  information disclosure.

For the lenny-backports distribution the problems have been fixed in version 3.1415926~bpo50+1.

The old stable distribution (etch) is not affected.

For the stable distribution (lenny), this problem has been fixed in version 2.53.4.

For the unstable distribution (sid), this problem has been fixed in version 3.1415926.

This bug will not be fixed for etch-backports we recommend to disable the teximg plugin there
or upgrade to lenny(-backports). 

Upgrade instructions
--------------------

If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions) you have to update the package manually via apt-get -t lenny-backports install ikiwiki.

We recommend to pin the backports repository to 200 so that new versions of installed  backports will be installed automatically. 

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200


-- 
Alexander Wirt, formorer@debian.org
CC99 2DDD D39E 75B0 B0AA  B25C D35B BC99 BC7D 020A

Reply to:

Next by Date: [Backports-security-announce] Security update for devscripts
Next by thread: [Backports-security-announce] Security update for devscripts
Index(es):
- Date
- Thread