
cbrpager stable update for CVE-2008-2575



Hi,

I've backported to the stable cbrpager release all the security changes for
package cbrpager fixing CVE-2008-2575, included in the last upstream
cbrpager version 0.9.18.

I've NOT included any other changes.

The patch applied is attached. Please tell me if it is ok to upload it to
stable-proposed-updates.

Salud,
-- 
Roberto Lumbreras           .''`.            
                    <rover : :' : debian.org>
Debian Developer           `. `'             
                             `-              

On Wed, Jun 11, 2008 at 11:53:17PM +0200, Nico Golde wrote:
: Hi,
: the following CVE (Common Vulnerabilities & Exposures) id was
: published for cbrpager some time ago.
: 
: CVE-2008-2575[0]:
: cbrpager is affected by a command execution flaw via 
: malicious file names in a similar way as comix was affected
: 
: Note, the CVE id is not yet published on the mitre site.
: See Debian bug #482853 for details.
: 
: Unfortunately the vulnerability described above is not important enough
: to get it fixed via regular security update in Debian stable. It does
: not warrant a DSA.
: 
: However it would be nice if this could get fixed via a regular point update[1].
: Please contact the release team for this.
: 
: This is an automatically generated mail, in case you are already working on an
: upgrade this is of course pointless.
: 
: For further information:
: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575
: [1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
: 
: Kind regards
: Nico
: 
: -- 
: Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
: For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: cbrpager-etch1.diff.gz
Description: Binary data

Attachment: signature.asc
Description: Digital signature

