email@example.com discovered a format string vulnerability in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process (this process does not run automatically by default).
CAN-2004-0451: format string vulnerabilities in sup via syslog(3) in logquit, logerr, loginfo functions
For the current stable distribution (woody), this problem has been fixed in version 1.8-8woody2.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you update your sup package.