On Sun, Nov 26, 2006 at 12:47:55AM +0100, Alexander Klauer wrote:
there has been a texinfo update for sarge available from
security.debian.org for a few days now. The changelog in the
source package says something about arbitrary code execution.
The GPG signature by Noah Meyerhans is good, as are the MD5
sums. Yet, I cannot find any accompanying advisory on this
mailing list or on http://www.debian.org/security/. Why?
There's a revision of the security update on its way that fixes another
vulnerability that I discovered when preparing the DSA text for
2.2sarge1. Technical issues within the buildd network (an overloaded
arm build machine and a failed MIPSel build machine) have delayed this.
I hope to release -2.2sarge2 within the next 24 hours, along with a DSA.