We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- This version of Debian were released only for the Intel and the Motorola 68xxx architecture. Intel architecture: ftp://ftp.debian.org/debian/dists/stable-updates/ncurses3.4-dev_1.9.9g-8.9.1_i386.deb MD5 checksum: 9dcb2a4d455197b1102ccefd99bf60fa Motorola 68xxx architecture: ftp://ftp.debian.org/debian/dists/stable-updates/ncurses3.4-dev_1.9.9g-8.9.1_m68k.deb MD5 checksum: 917a954e24960a63e0ec8eaf56274bb7 These files will be moved into ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon. For other architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>
Attachment:
pgpU53VftBOIh.pgp
Description: PGP signature