This automatic mail gives an overview over security issues that were recently fixed in Debian Testing. The majority of fixed packages migrate to testing from unstable. If this would take too long, fixed packages are uploaded to the testing-security repository instead. It can also happen that vulnerable packages are removed from Debian testing.
DTSA: ===== The following issues have been fixed by uploads to testing-security: devil 1.6.8-rc2-3+lenny1: DTSA-184-1 : devil - arbitrary code execution CVE-2008-5262: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5262 http://bugs.debian.org/511844 http://bugs.debian.org/512122 Migrated from unstable or testing-proposed-updates: =================================================== belpic 2.6.0-6: CVE-2009-0049: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0049 http://bugs.debian.org/511261 xine-lib 1.1.14-4: CVE-2008-5234: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5234 http://bugs.debian.org/508313 http://bugs.debian.org/498243 CVE-2008-5236: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236 http://bugs.debian.org/509521 CVE-2008-5237: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237 http://bugs.debian.org/509265 CVE-2008-5239: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239 http://bugs.debian.org/509353 CVE-2008-5240: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240 http://bugs.debian.org/509352 CVE-2008-5241: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5241 http://bugs.debian.org/509008 CVE-2008-5242: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5242 http://bugs.debian.org/507165 CVE-2008-5243: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5243 http://bugs.debian.org/508716 Removed from testing: ===================== The following issues have been "fixed" by removing the (source) packages from testing. This probably means that you have to manually uninstall the corresponding binary packages to fix the issues. It can also mean that the packages have been replaced, or that they have been temporarily removed by the release team to make transitions from unstable easier. boinc: CVE-2009-0126: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0126 http://bugs.debian.org/511521 tqsllib: CVE-2009-0124: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124 http://bugs.debian.org/511509 How to update: -------------- Make sure the line deb http://security.debian.org lenny/updates main contrib non-free is present in your /etc/apt/sources.list. Of course, you also need the line pointing to your normal lenny mirror. You can use aptitude update && aptitude dist-upgrade to install the updates. More information: ----------------- More information about which security issues affect Debian can be found in the security tracker: http://security-tracker.debian.net/tracker/ A list of all known unfixed security issues is at http://security-tracker.debian.net/tracker/status/release/testing -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
