Hi,there has been a texinfo update for sarge available from security.debian.org for a few days now. The changelog in the source package says something about arbitrary code execution. The GPG signature by Noah Meyerhans is good, as are the MD5 sums. Yet, I cannot find any accompanying advisory on this mailing list or on http://www.debian.org/security/. Why?
Thank you! Best wishes, Alexander