Jan Wagner uploaded a new package for pidgin which fixed the following security problem: CVE-2010-0013[1] and Debian Bug #563206[2] It was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal. For the lenny distribution the problem has been fixed soon in version 2.4.3-4lenny5. For the sid distribution the problem has been fixed in version 2.6.5-2. Upgrade instructions --------------------- If you don't use pinning (see [1]) you have to update nagios3 manually via "apt-get -t etch-backports install nagios". [1] <http://backports.org/dokuwiki/doku.php?id=instructions> We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically: Package: * Pin: release a=lenny-backports Pin-Priority: 200 [1] http://security-tracker.debian.org/tracker/CVE-2010-0013 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206
Attachment:
signature.asc
Description: This is a digitally signed message part.