On Sun, Nov 26, 2006 at 12:47:55AM +0100, Alexander Klauer wrote: > there has been a texinfo update for sarge available from > security.debian.org for a few days now. The changelog in the > source package says something about arbitrary code execution. > The GPG signature by Noah Meyerhans is good, as are the MD5 > sums. Yet, I cannot find any accompanying advisory on this > mailing list or on http://www.debian.org/security/. Why? There's a revision of the security update on its way that fixes another vulnerability that I discovered when preparing the DSA text for 2.2sarge1. Technical issues within the buildd network (an overloaded arm build machine and a failed MIPSel build machine) have delayed this. I hope to release -2.2sarge2 within the next 24 hours, along with a DSA. noah
Attachment:
signature.asc
Description: Digital signature