This automatic mail gives an overview over security issues that were recently fixed in Debian Testing. The majority of fixed packages migrate to testing from unstable. If this would take too long, fixed packages are uploaded to the testing-security repository instead. It can also happen that vulnerable packages are removed from Debian testing.
DTSA: ===== The following issues have been fixed by uploads to testing-security: mediawiki 1:1.12.0-2lenny3: DTSA-196-1 : mediawiki - cross-site scripting <no CVE yet> : mediawiki XSS in installer scripts moodle 1.8.2.dfsg-3+lenny1: DTSA-195-1 : moodle - several vulnerabilities CVE-2009-0500: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0500 CVE-2009-0501: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0501 Migrated from unstable or testing-proposed-updates: =================================================== bind9 1:9.5.1.dfsg.P1-1: CVE-2009-0025: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://bugs.debian.org/511936 sun-java6 6-12-1 (non-free): CVE-2008-5339: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339 http://bugs.debian.org/508195 CVE-2008-5340: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340 CVE-2008-5341: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341 CVE-2008-5342: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342 CVE-2008-5343: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343 CVE-2008-5344: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344 CVE-2008-5345: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345 CVE-2008-5346: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346 CVE-2008-5347: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347 CVE-2008-5348: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348 CVE-2008-5349: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349 CVE-2008-5350: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350 CVE-2008-5351: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351 CVE-2008-5352: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352 CVE-2008-5353: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353 CVE-2008-5354: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354 CVE-2008-5356: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356 CVE-2008-5357: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357 CVE-2008-5358: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358 CVE-2008-5359: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359 CVE-2008-5360: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360 tor 0.2.0.34-1: <no CVE yet> : tor: potential crash on exit nodes when processing malformed input http://bugs.debian.org/512728 <no CVE yet> : tor: DoS vulnerability that could be performed by a directory mirror http://bugs.debian.org/514580 wireshark 1.0.2-3+lenny4: <no CVE yet> : Wireshark: $HOME issue <no CVE yet> : Wireshark: NetScreen issue <no CVE yet> : Wireshark: Texktronix issue How to update: -------------- Make sure the line deb http://security.debian.org lenny/updates main contrib non-free is present in your /etc/apt/sources.list. Of course, you also need the line pointing to your normal lenny mirror. You can use aptitude update && aptitude dist-upgrade to install the updates. More information: ----------------- More information about which security issues affect Debian can be found in the security tracker: http://security-tracker.debian.net/tracker/ A list of all known unfixed security issues is at http://security-tracker.debian.net/tracker/status/release/testing -- To UNSUBSCRIBE, email to debian-testing-security-announce-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org