[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for pidgin

Jan Wagner uploaded a new package for pidgin which fixed the following
security problem:

CVE-2010-0013[1] and Debian Bug #563206[2]

 It was discovered that Pidgin did not properly handle custom smiley
 requests in the MSN protocol handler. A remote attacker could send a
 specially crafted filename in a custom smiley request and obtain arbitrary
 files via directory traversal.

For the lenny distribution the problem has been fixed soon in
version 2.4.3-4lenny5.

For the sid distribution the problem has been fixed in
version 2.6.5-2.

Upgrade instructions

If you don't use pinning (see [1]) you have to update nagios3
manually via "apt-get -t etch-backports install nagios".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

[1] http://security-tracker.debian.org/tracker/CVE-2010-0013
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: