-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1236-1 security@debian.org http://www.debian.org/security/ Steve Kemp December 13, 2006 - ------------------------------------------------------------------------ Package : enemies-of-carlotta Vulnerability : missing sanity checks Problem type : remote Debian-specific: no CVE Id(s) : CVE-2006-5875 Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell. For the stable distribution (sarge), this problem has been fixed in version 1.0.3-1sarge1 We recommend that you upgrade your enemies-of-carlotta package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz Size/MD5 checksum: 50970 c128776396562ef1c678e438422d11fb http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc Size/MD5 checksum: 615 15c19c6a0ba8b3350f7ada9074713d12 http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz Size/MD5 checksum: 3587 c5e36788f3e1375c1f97533f1692de4a Architecture independent packages: http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1_all.deb Size/MD5 checksum: 42722 d78136bff713315256626eec51521c83 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFf/GVwM/Gs81MDZ0RAn4jAKCix0rudNOKLzx7KVBq8xxtU0wryACfS2PN HRjdDPz/0i1ssaEXt00F+Ag= =rmMW -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/