Gerfried Fuchs uploaded new packages for libspf2 which fixed the
following security problem:
CVE-2008-2469
Fix buffer overflows in DNS response parsing.
For the etch-backports distribution the problem has been fixed in
version 1.2.5.dfsg-5+lenny1~bpo40+1.
For the lenny distribution the problem has been fixed in version
1.2.5.dfsg-5+lenny1.
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | spfquery | < 1.2.5.dfsg-5+lenny1 | spfquery_1.2.5.dfsg-5+lenny1_all.deb |
Debian | 5 | all | libspf2 | < 1.2.5.dfsg-5+lenny1 | libspf2_1.2.5.dfsg-5+lenny1_all.deb |
Debian | 5 | all | libspf2-2 | < 1.2.5.dfsg-5+lenny1 | libspf2-2_1.2.5.dfsg-5+lenny1_all.deb |
Debian | 5 | all | libspf2-dev | < 1.2.5.dfsg-5+lenny1 | libspf2-dev_1.2.5.dfsg-5+lenny1_all.deb |