Leo Costela and Josselin Mouette uploaded new packages for transmission which fixed the following security problem: CVE-2010-0012 DSA-1967-1 Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol performs insufficient sanitizing of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file. For the stable distribution (lenny), this problem has been fixed in version 1.22-1+lenny2. For the unstable distribution (sid), this problem has been fixed in version 1.77-1. For the lenny-backports distribution the problems have been fixed in version 1.77-1~bpo50+1. Upgrade instructions -------------------- If you don't use pinning (see [1]) you have to update the package manually via "apt-get -t lenny-backports install <packagelist>" with the packagelist of your installed packages affected by this update. [1] <http://backports.org/dokuwiki/doku.php?id=instructions> We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200 -- .''`. Josselin Mouette : :' : `. `' “I recommend you to learn English in hope that you in `- future understand things” -- Jörg Schilling
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=