[LWN Logo]

Date: Thu, 27 Aug 1998 23:28:43 +0200
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of eperl fixes security drift


--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii

We have received a report from Tiago Luz Pinto that the eperl package
included in 2.0 misinterprets ISINDEX queries.  This can lead to
arbitrary Perl code being executed on the server.

We recommend you upgrade your eperl package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian were released only for the Intel and the
  Motorola 68xxx architecture.

  Intel architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/eperl_2.2.14-0.2_i386.deb
      MD5 checksum: 4393403a03aa1d1b7969d83501c092b8

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/eperl_2.2.14-0.2_m68k.deb
      MD5 checksum: 9b914ca5f31bc4625d53643155a81f0f


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/binary-$arch/ soon.


For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCUAwUBNeXPixRNm5Suj3z1AQEgbgP4vosjRjIN3dmgwzFUZSIfCe9TXaI8IP+i
mymI2QzCYE1ELSDvB6gSecdQQ6JbvcnVbOS9m0eZOV2GyteuU8xIc0NTqAh0MCtd
GeMA1yvBLS42kaILlGlH/okVCJvaqQqLyohLSHf+t4aYuP95KYMtTPRBvRrJQdpu
4Aolvsqoqg==
=AR67
-----END PGP SIGNATURE-----

--a8Wt8u1KmwUX3Y2C--


--  
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org