Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

Hi,

On Fri Dec 28, 2007 at 22:10:08 +0100, Wolfgang Jeltsch wrote:
> Am Freitag, 28. Dezember 2007 16:29 schrieb Florian Weimer:
> > ------------------------------------------------------------------------
> > Debian Security Advisory DSA-1438-1 security@debian.org
> > http://www.debian.org/security/ Florian Weimer
> > December 28, 2007 http://www.debian.org/security/faq
> > ------------------------------------------------------------------------
> >
> > Package : tar
> > Vulnerability : several
> > Problem type : local(remote)
> > Debian-specific: no
> > CVE Id(s) : CVE-2007-4131, CVE-2007-4476
> >
> > Several vulnerabilities have been discovered in GNU Tar.
>
> Hello,
>
> during the last six days, updates of the following packages were available via
> security.debian.org:

wrong.

> debconf
> debconf-i18n
> findutils
> klibc-utils
> libc6
> libc6-i386
> libklibc
> libpam-modules
> libpam-runtime
> libpam0g
> linux-image-2.6.18-5-amd64
> locales
> tar
> tzdata
>
> However, I cannot see any security announcement for most of these. Were they
> updated because of the security fix for tar? If yes, why doesn’t the
> security announcement mention that updated versions are available also for
> those packages?

see http://lists.debian.org/debian-announce/debian-announce-2007/msg00004.html

-- 
[root@debian /root]# man real-life
No manual entry for real-life


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org