How about enemies-of-carlotta in etch? Is it still vulnarable or need no fix?
Seiji Steve Kemp wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------ > Debian Security Advisory DSA-1236-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Steve Kemp > December 13, 2006 > - ------------------------------------------------------------------------ > > Package : enemies-of-carlotta > Vulnerability : missing sanity checks > Problem type : remote > Debian-specific: no > CVE Id(s) : CVE-2006-5875 > > Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple > manager for mailing lists, does not properly sanitise email addresses > before passing them through to the system shell. > > For the stable distribution (sarge), this problem has been fixed in version > 1.0.3-1sarge1 > > We recommend that you upgrade your enemies-of-carlotta package. > > Upgrade instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > Debian 3.1 (stable) > - ------------------- > > Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, > mips, mipsel, powerpc, s390 and sparc. > > Source archives: > > > http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz > Size/MD5 checksum: 50970 c128776396562ef1c678e438422d11fb > > http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc > Size/MD5 checksum: 615 15c19c6a0ba8b3350f7ada9074713d12 > > http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz > Size/MD5 checksum: 3587 c5e36788f3e1375c1f97533f1692de4a > > Architecture independent packages: > > > http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1_all.deb > Size/MD5 checksum: 42722 d78136bff713315256626eec51521c83 > > > These files will probably be moved into the stable distribution on > its next update. > > - > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main > Mailing list: [email protected] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFFf/GVwM/Gs81MDZ0RAn4jAKCix0rudNOKLzx7KVBq8xxtU0wryACfS2PN > HRjdDPz/0i1ssaEXt00F+Ag= > =rmMW > -----END PGP SIGNATURE----- > > -- Seiji Kaneko [EMAIL PROTECTED] --------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
