Date: Thu, 27 Aug 1998 22:54:47 +0200 From: Martin Schulze <joey@kuolema.Infodrom.North.DE> To: Debian Security Announcements <debian-security-announce@lists.debian.org> Subject: [SECURITY] New versions of ncurses fixes security problem --7iMSBzlTiPOCCT2k Content-Type: text/plain; charset=us-ascii We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- This version of Debian were released only for the Intel and the Motorola 68xxx architecture. Intel architecture: ftp://ftp.debian.org/debian/dists/stable-updates/ncurses3.4-dev_1.9.9g-8.9.1_i386.deb MD5 checksum: 9dcb2a4d455197b1102ccefd99bf60fa Motorola 68xxx architecture: ftp://ftp.debian.org/debian/dists/stable-updates/ncurses3.4-dev_1.9.9g-8.9.1_m68k.deb MD5 checksum: 917a954e24960a63e0ec8eaf56274bb7 These files will be moved into ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon. For other architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org> --7iMSBzlTiPOCCT2k Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBNeXHlxRNm5Suj3z1AQFUxQQAiwvOLSKcxTN+h7Ok+1wnRg1Yx282ZDov S5CnBj5vz0V+3/kd8IybvXkasuDiw0MqvIXwRdgdzsJs3RVcthXeakhh+ogP8DXJ 8NeanhmN5bZn0N+jRGHm93o8v+YYGHXXkn//CxzX2Qz7ebqLfYsu+sJT1F/GYEwc bDyV1DrVmvs= =KixV -----END PGP SIGNATURE----- --7iMSBzlTiPOCCT2k-- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org