Hello, the current vpnc package in Sarge has a potential security flaw which is described in the attached .changes contents well enough. Please allow Sid's version 0.3.2+SVN20050326-2 to go into Sarge, there AFAICS no major changes. The package has been in Sid for 10 days without new bug reports. Regards, Eduard. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 05 May 2005 19:39:05 +0200 Source: vpnc Binary: vpnc Architecture: source i386 Version: 0.3.2+SVN20050326-2 Distribution: unstable Urgency: high Maintainer: Eduard Bloch <blade@debian.org> Changed-By: Eduard Bloch <blade@debian.org> Description: vpnc - Cisco-compatible VPN client Changes: vpnc (0.3.2+SVN20050326-2) unstable; urgency=high . * added a check for having a slash in the config file specification (now it really accepts absolute paths only and not some random, or even malicious, script from the current directory). Before, it was like having "." on the first place in root's $PATH. * also reverted the vpnc binary lookup order to limit possible effects of a similar problem Files: 60672862bbc48a75417a0c5f27b16e83 607 net extra vpnc_0.3.2+SVN20050326-2.dsc 805b52569907b764d8c46527ff5f29c5 8556 net extra vpnc_0.3.2+SVN20050326-2.diff.gz 7430a017963a410eefba142dc45361cf 43496 net extra vpnc_0.3.2+SVN20050326-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCel6N4QZIHu3wCMURAqp3AJ4n0hjtTbQLhX/lcDDIs1zIz3LnsgCcCKMv uYFMK81XHnJSsKqqBnqMRI4= =z0T6 -----END PGP SIGNATURE----- -- <Natural_> andere frage, wo liegtn der treiber von video4linux ? <con-sole> http://www.google.com/search?q=video4linux <Natural_> nein auf meinem system :)
Attachment:
signature.asc
Description: Digital signature