
please approve vpnc 0.3.2+SVN20050326-2 (security flaw)



Hello,

the current vpnc package in Sarge has a potential security flaw which is
described in the attached .changes contents well enough. Please allow
Sid's version 0.3.2+SVN20050326-2 to go into Sarge, there are AFAICS no
major changes.

The package has been in Sid for 10 days without new bug reports.

Regards,
Eduard.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 05 May 2005 19:39:05 +0200
Source: vpnc
Binary: vpnc
Architecture: source i386
Version: 0.3.2+SVN20050326-2
Distribution: unstable
Urgency: high
Maintainer: Eduard Bloch <blade@debian.org>
Changed-By: Eduard Bloch <blade@debian.org>
Description: 
 vpnc       - Cisco-compatible VPN client
Changes: 
 vpnc (0.3.2+SVN20050326-2) unstable; urgency=high
 .
   * added a check for having a slash in the config file specification (now it
     really accepts absolute paths only and not some random, or even malicious,
     script from the current directory). Before, it was like having "." on the
     first place in root's $PATH.
   * also reverted the vpnc binary lookup order to limit possible effects of
     a similar problem
Files: 
 60672862bbc48a75417a0c5f27b16e83 607 net extra vpnc_0.3.2+SVN20050326-2.dsc
 805b52569907b764d8c46527ff5f29c5 8556 net extra vpnc_0.3.2+SVN20050326-2.diff.gz
 7430a017963a410eefba142dc45361cf 43496 net extra vpnc_0.3.2+SVN20050326-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCel6N4QZIHu3wCMURAqp3AJ4n0hjtTbQLhX/lcDDIs1zIz3LnsgCcCKMv
uYFMK81XHnJSsKqqBnqMRI4=
=z0T6
-----END PGP SIGNATURE-----

-- 
<Natural_> another question, where is the video4linux driver located?
<con-sole> http://www.google.com/search?q=video4linux
<Natural_> no, on my system :)
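
An added sketch of the kind of check the changelog above describes (not the vpnc package's own code): a config specification containing a slash must be an absolute path, a bare name is looked up only in a fixed directory, and the current directory is never consulted. `CONF_DIR`, the `.conf` suffix and the functions `resolve_config` and `demo` are assumptions made for this example.

```shell
#!/bin/sh
# Illustrative example, not the vpnc package's script.
# CONF_DIR is an assumed fixed, root-owned configuration directory.
CONF_DIR="${CONF_DIR:-/etc/vpnc}"

# resolve_config SPEC
# Prints the config path a privileged wrapper may read, or returns 1.
#   SPEC with a leading slash : used as given (absolute path)
#   SPEC with any other slash : rejected (relative path, e.g. ./x or sub/x)
#   SPEC without a slash      : profile name, looked up only in CONF_DIR
resolve_config() {
    spec=$1
    case $spec in
        "")  return 1 ;;
        /*)  path=$spec ;;
        */*) return 1 ;;
        *)   path=$CONF_DIR/$spec.conf ;;
    esac
    # Only an existing regular file is accepted; nothing is ever resolved
    # against the current working directory.
    [ -f "$path" ] || return 1
    printf '%s\n' "$path"
}

# demo: constructed sample layout with a planted file in the working
# directory that has the same name as a legitimate profile.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/etc" "$tmp/cwd"
    echo "legitimate profile" > "$tmp/etc/office.conf"
    echo "planted file"       > "$tmp/cwd/office"
    echo "planted file"       > "$tmp/cwd/office.conf"
    (
        cd "$tmp/cwd" || exit 1
        CONF_DIR=$tmp/etc
        resolve_config office                  # prints .../etc/office.conf
        resolve_config ./office.conf || echo "rejected: ./office.conf"
        resolve_config office.conf   || echo "rejected: office.conf"
        resolve_config "$tmp/cwd/office.conf"  # absolute path, explicit choice
    )
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see which specifications are accepted when the working directory holds a file named like a real profile.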
