Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or automated systems using the watch file to check the availability of a new upstream release. For the etch-backports distribution the problem has been fixed in version 2.10.35lenny6~bpo40+1. For the lenny-backports distribution the problem has been fixed in version 2.10.54~bpo50+1. For the stable distribution the problem has been fixed in version 2.10.35lenny6. For the unstable distribution the problem has been fixed in version 2.10.54. Upgrade instructions -------------------- If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions) you have to update the package manually via apt-get -t lenny-backports install <packagename>. We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200
Attachment:
signature.asc
Description: This is a digitally signed message part