Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 6012-1] nncp security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 6012-1] nncp security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 6012-1] nncp security update
  • Date: Fri, 26 Sep 2025 21:20:19 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; dmarc=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
  • List-archive: https://lists.debian.org/msgid-search/E1v2FrX-000JeB-3C AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=T+JH0v3LDI97hCaU2XFyO4UjQAPT+hZWhA4J0FVg+l8=; b=AQ a5iRy8NxtG/6E8+CdrDIUO5WyQJ50CDmYEtzZBJQvJos+wMfJdpJqLiiAP56o0m6OcDa9PpmJDbWQ UIgb113Os/3XoxxO6BcSktibzu0/NR3nhsbfkHtTm86PoDW8L7l3t3XzOv8RfBQlVtrJRbKG3X/a7 BKNUyyrA3rUrJqS308cLlzzD/LhYmXOU51Q4/rwbrm5bCgZm0n5v1x+CnPIrnL8FThhYNV0UvktNZ XpCuIrmuNCsgWsXn85QO8IqqupBvVQglU0PlsScbFpA07xJ26mLVKiBGxPZgdsMimNx2zAOfSF0M/ GETcOX+sBZou0RHoGsz/FPeH+PisYX6g==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 26 Sep 2025 21:20:47 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <EuV7Vm9RV4K.A.v6pI.uOw1oB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6012-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 26, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nncp
CVE ID : CVE-2025-60020
Debian Bug : 1115848

Eugene Medvedev discovered that nncp, a package facilitating secure
store-and-forward file and mail exchange, was susceptible to path
traversal with the freq and file commands.

For the oldstable distribution (bookworm), this problem has been fixed
in version 8.8.2-3+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 8.11.0-4+deb13u1.

We recommend that you upgrade your nncp packages.

For the detailed security status of nncp please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/nncp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjXAvpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SoMxAAmfLIomES0lQQ/v3DhFZsflOb1OTqXPx+o0PPQWKAuM/E/cLq2+Gw4kuk
cmXSnRRhnxd5CyrlT9PK530VLUuVZA3dLvgPPBP4uF1q+NVb/8rax/agrYFq9MiI
wGvbKL1maKUQey87cPMQSwne7kzNrcE0eHEVTpuCR8miuaGm32N/287l5Kt3f7s3
0veViM9yCOcZTrxnVDwByZEiWZCXnCVXIKhYl3HS3honnfUTPflswyYhm2FHYQHQ
v+hXTzMOZ6fT6TOp8evAn/4K+sbWaFSABl+1EbtT9DIjjVwZJS6ZRYSP7sBg4Fc4
OLq0htVm8mLNvmbqIPPL8CrppQZvs6OQe8/IEIeEcc7IAkzzu6HexMZmTws+jCRb
wJ0UC3zkKgo3pH2B5lhAVk8HtA50u9+D9QSYZwcqKho6EyQnqyaVCheuphHutFmK
OyLjwjI4/kWjx4sG70L+3xCp3F0IE19CL1QdT50DwjdR+bwmrOOSoR+GB75FNmED
/nuDLsCg5hRJHTq7ZUnkoJgHBpi6mi7sx9dhNiFzsPMxuG4h8qFZPweQwf6H36l/
eXe5kQs44VZvsli0JUE6ZGKfmXX57wrhgB6mVfrWi2DjEqxdtwPOorjgWy/vJee7
VRt+yX93PXdiEdEmYbLbgqenvnfcjMTAm2mHzlIdl7u6QJv4wt4=
=E/eY
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 6012-1] nncp security update, Salvatore Bonaccorso, 26.09.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang