[Backports-security-announce] Security update for devscripts



Adam D. Barratt uploaded new packages for devscripts which fixed the
following security problem:

CVE-2009-2946:

  When parsing watch files, uscan applied "mangle rules" by evaluating
  them as Perl code without any sanitisation.  This could have led to
  the execution of arbitrary code by users or automated systems using
  the watch file to check the availability of a new upstream release.

For the etch-backports distribution the problem has been fixed in
version 2.10.35lenny6~bpo40+1.

For the lenny-backports distribution the problem has been fixed in
version 2.10.54~bpo50+1.

For the stable distribution the problem has been fixed in version
2.10.35lenny6.

For the unstable distribution the problem has been fixed in version
2.10.54.

Upgrade instructions
--------------------

If you don't use pinning
(http://backports.org/dokuwiki/doku.php?id=instructions), you have to
update the package manually via apt-get -t lenny-backports install
<packagename>.

We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically.

    Package: *
    Pin: release a=lenny-backports
    Pin-Priority: 200
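
The CVE-2009-2946 description above is about mangle rules being
evaluated as Perl code. The following is an added example, not code
from devscripts or from this announcement, that treats a rule as data:
it accepts only the s/pattern/replacement/ form and applies it without
string eval. The names safe_subst and expand_replacement and the sample
rules are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use v5.10;

# Expand only \x, $N and ${N} in a replacement; nothing else is interpreted.
sub expand_replacement {
    my ($repl, @cap) = @_;    # $cap[N] holds capture group N
    my $out = '';
    while ($repl =~ /\G(?:\\(.)|\$\{(\d)\}|\$(\d)|(.))/gs) {
        if    (defined $1) { $out .= $1 }
        elsif (defined $2) { $out .= $cap[$2] // '' }
        elsif (defined $3) { $out .= $cap[$3] // '' }
        else               { $out .= $4 }
    }
    return $out;
}

# Apply one s/pattern/replacement/[gi] rule to $text without string eval.
# Returns the new string, or undef when the rule is rejected.
sub safe_subst {
    my ($text, $rule) = @_;
    my ($delim, $pat, $repl, $flags) = $rule =~
        m{\As([/,!#])((?:\\.|(?!\1)[^\\])*)\1((?:\\.|(?!\1)[^\\])*)\1([gi]*)\z}s
        or return;            # anything that is not a plain substitution
    my $mod = $flags =~ /i/ ? 'i' : '';
    # Block eval only traps a compile failure. Interpolated patterns cannot
    # carry (?{ code }) groups unless "use re 'eval'" is in effect.
    my $re = eval { qr/(?${mod}:$pat)/ } or return;
    my $global = $flags =~ /g/;
    my ($out, $pos) = ('', 0);
    while ($text =~ /$re/g) {
        my ($start, $end) = ($-[0], $+[0]);
        my @cap = map { defined $-[$_] ? substr($text, $-[$_], $+[$_] - $-[$_]) : '' } 0 .. $#+;
        $out .= substr($text, $pos, $start - $pos) . expand_replacement($repl, @cap);
        $pos = $end;
        last unless $global;
    }
    return $out . substr($text, $pos);
}

# Constructed sample input: two ordinary rules and one that is not a substitution.
for my $case (
    [ '1.2.3+dfsg', 's/\+dfsg\z//' ],
    [ '2.0rc1',     's/(\d)(rc\d+)/$1~$2/' ],
    [ '1.0',        'print "not a substitution"' ],
) {
    my ($version, $rule) = @$case;
    say "$version  $rule  =>  ", safe_subst($version, $rule) // 'REJECTED';
}
```

The pattern itself still comes from the watch file, so this removes
code evaluation but not the cost of a pathological regular expression.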
