Sebastian Harl uploaded new packages for git-core which fixed the
following security problems:

DSA 1777-1, Debian bug #516669

Peter Palfrader discovered that on some architectures files under
/usr/share/git-core/templates/ were owned by a non-root user. This
allows a user with that uid on the local system to write to these
files and possibly escalate their privileges.
This issue only affected the DEC Alpha and MIPS (big and little
endian) architectures.
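
To check a system for the ownership problem described above, the following
added example (not part of the original announcement or of the git-core
package) lists entries under the template directory that are not owned by
root. It goes slightly beyond the advisory by also reporting world-writable
entries; the function name audit_tree and its optional uid argument are
assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit a directory tree for files a non-root user could modify.
# TEMPLATE_DIR is the path named in the advisory; the function name and the
# optional expected-uid argument are assumptions made for this sketch.
TEMPLATE_DIR=/usr/share/git-core/templates

# audit_tree DIR [UID]
# Prints one "ls -ld" line per entry that is not owned by UID (default 0,
# root) or that is world-writable.
# Returns 0 if the tree is clean, 1 if anything was reported,
# 2 if DIR is not a directory.
audit_tree() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "audit_tree: $dir: not a directory" >&2
        return 2
    fi

    # Symlink modes are always 0777, so only ownership is checked for them.
    findings=$(find "$dir" \
        \( ! -user "$want_uid" -o \( ! -type l -perm -0002 \) \) \
        -exec ls -ld {} \;)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Audit the path from the advisory only when invoked as "sh <script> run",
# so that sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then
    audit_tree "$TEMPLATE_DIR"
fi
```

Any line printed for the template directory on an affected architecture means
the fixed package has not been installed yet.
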

CVE-2009-2108, DSA 1841-1, Debian bug #532935

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to
cause a denial of service (infinite loop and CPU consumption) via a
request containing extra unrecognized arguments.

For the etch-backports distribution the problems have been fixed in
version 1:1.5.6.5-3+lenny2~bpo40+1.

The lenny-backports distribution was not affected by any of these
issues.

If you don't use pinning [1] you have to update the package manually via
"apt-get -t etch-backports install <packagelist>", where <packagelist>
is the list of your installed packages affected by this update.

[1] http://backports.org/dokuwiki/doku.php?id=instructions

We recommend pinning the backports repository to 200 so that new versions
of installed backports are installed automatically:

Package: *
Pin: release a=etch-backports
Pin-Priority: 200