Installed slrn 0.9.7.2-6 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 22 Sep 2001 11:23:35 -0400
Source: slrn
Binary: slrnpull slrn
Architecture: source i386
Version: 0.9.7.2-6
Distribution: unstable
Urgency: high
Maintainer: Joey Hess <joeyh@debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description:
slrn - threaded news reader (fast for slow links)
slrnpull - pulls a small newsfeed from an NNTP server
Changes:
slrn (0.9.7.2-6) unstable; urgency=HIGH
.
* Upstream security fix; slrn's internal uudecoder auto-executes any
shell script in the archive (thinking it's a shar, presumably!). That
just doesn't fly in today's internet. Slrn in unstable is actually
probably not vulnerable, probably, since it is set up to use the
uudeview library for decoding. However, this is too critical a security
fix to omit.
Files:
10d9c2fe530ea678263bc3a6ad199fb3 665 news optional slrn_0.9.7.2-6.dsc
c261bed2553c5e1b9c3c0c17dd7f5f0b 23719 news optional slrn_0.9.7.2-6.diff.gz
20d791b2cadeac93630222b2fc78c831 301228 news optional slrn_0.9.7.2-6_i386.deb
79dff9f5c6f659625aa73284be06e2ff 89286 news optional slrnpull_0.9.7.2-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7rK842tp5zXiKP0wRAkORAJ9symtaG10xE+WKyvMHIMV8jNSmGACfa9D1
2PvK1Op0nVxI0Pqo+7Syf6U=
=dtjh
-----END PGP SIGNATURE-----
Installed:
slrnpull_0.9.7.2-6_i386.deb
to pool/main/s/slrn/slrnpull_0.9.7.2-6_i386.deb
slrn_0.9.7.2-6.diff.gz
to pool/main/s/slrn/slrn_0.9.7.2-6.diff.gz
slrn_0.9.7.2-6_i386.deb
to pool/main/s/slrn/slrn_0.9.7.2-6_i386.deb
slrn_0.9.7.2-6.dsc
to pool/main/s/slrn/slrn_0.9.7.2-6.dsc
Reply to: