[Backports-security-announce] Security Update for lintian

Raphael Geissert uploaded new packages for lintian which fixed the
following security problems:

CVE-2009-4013: missing control files sanitation

Control field names and values were not sanitised before using them
in certain operations that could lead to directory traversals.

Patch systems' control files were not sanitised before using them
in certain operations that could lead to directory traversals.

CVE-2009-4014: format string vulnerabilities

Multiple check scripts and the Lintian::Schedule module were using
user-provided input as part of the sprintf/printf format string.

CVE-2009-4015: arbitrary command execution

File names were not properly escaped when passing them as arguments to
certain commands, allowing the execution of other commands as pipes or
as a set of shell commands.

For the lenny-backports distribution the problems have been fixed in
version 2.3.2~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install lintian".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions&gt;

We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: This is a digitally signed message part.