Jan Wagner uploaded a new package for pidgin which fixed the following security problem:
CVE-2010-0013 and Debian Bug #563206
It was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal.
For the lenny distribution the problem has been fixed soon in version 2.4.3-4lenny5.
For the sid distribution the problem has been fixed in version 2.6.5-2.
If you don't use pinning (see ) you have to update nagios3 manually via "apt-get -t etch-backports install nagios".  <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically:
Package: * Pin: release a=lenny-backports Pin-Priority: 200
 http://security-tracker.debian.org/tracker/CVE-2010-0013  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206