security bugfix in PET r743
Damyan Ivanov
dmn at debian.org
Wed Sep 2 20:23:20 UTC 2009
Hi,
As you may have noticed, uscan (devscripts) got patched to fix
a security bug that would allow a malicious remote site to execute
arbitraty Perl code on the uscan user's machine.
The same code was present in PET and was patched in revision 743 [0].
[0] http://svn.debian.org/viewsvn/pet/trunk/PET/Watch.pm?r1=743&r2=742&pathrev=743
If you happen to run a PET instance that is not automatically synched
with the main Subversion repository, please take the necessary steps
to secure it.
See DSA 1878-1 [1] for the original announcement.
[1] http://www.debian.org/security/2009/dsa-1878
--
dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pet-devel/attachments/20090902/c3334059/attachment.pgp>
More information about the PET-devel
mailing list