Linux Today: Linux News On Internet Time.






Debian GNU/Linux Advisories: skk, ddskk, unzip, xbl, phpsysinfo, teapop

Jul 09, 2003, 13:55

Debian Security Advisory DSA 343-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 8th, 2003 http://www.debian.org/security/faq

Package : skk, ddskk
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific : no

skk (Simple Kana to Kanji conversion program) does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk.

ddskk is derived from the same code, and contains the same bug.
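
How a predictable temporary file name leads to the overwrite described above, and the creation modes that prevent it. This is an added illustration in Python, not code from skk or ddskk (which are Emacs Lisp); the file names and helper functions are hypothetical.

```python
import os
import tempfile


def write_unsafe(path, data):
    """Flawed pattern: open a predictable name for writing.
    open(..., "w") follows symlinks and truncates whatever they point at."""
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """O_CREAT|O_EXCL fails if the name already exists, symlinks included,
    so a planted link is never followed. Mode 0600 keeps other users out."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_mkstemp(directory, data):
    """Preferred: mkstemp picks an unpredictable name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="scratch-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def read_text(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Constructed scenario: a shared directory in which another local user
    has planted a symlink at the predictable scratch name."""
    out = {}
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "important.conf")  # stands in for any user-owned file
        scratch = os.path.join(shared, "scratch.tmp")    # hypothetical predictable name

        def plant():
            with open(victim, "w") as fh:
                fh.write("original\n")
            if os.path.lexists(scratch):
                os.unlink(scratch)
            os.symlink(victim, scratch)

        plant()
        write_unsafe(scratch, "scratch data\n")
        out["unsafe_overwrote_victim"] = read_text(victim) == "scratch data\n"

        plant()
        try:
            write_exclusive(scratch, "scratch data\n")
            out["exclusive_refused"] = False
        except OSError:
            out["exclusive_refused"] = True
        out["victim_intact"] = read_text(victim) == "original\n"

        path = write_mkstemp(shared, "scratch data\n")
        out["mkstemp_mode"] = os.stat(path).st_mode & 0o777
        out["mkstemp_name_differs"] = os.path.basename(path) != "scratch.tmp"
    return out
```

Calling `demo()` returns a dictionary showing that the plain open overwrote the linked file while the exclusive open refused and left it intact.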

For the stable distribution (woody) this problem has been fixed in skk version 10.62a-4woody1 and ddskk version 11.6.rel.0-2woody1.

For the unstable distribution (sid) this problem has been fixed in ddskk version 12.1.cvs.20030622-1, and skk will be fixed soon.

We recommend that you update your skk and ddskk packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next revision.



Debian Security Advisory DSA 344-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 8th, 2003 http://www.debian.org/security/faq

Package : unzip
Vulnerability : directory traversal
Problem-Type : local
Debian-specific : no
CVE Ids : CAN-2003-0282

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters.
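
The ordering flaw behind this class of bypass, next to a hardened check. This is an added sketch in Python, not UnZip's code: it assumes the extractor tests the raw entry name for ".." and only afterwards drops non-printable characters, and all function names, the sample entry names and the `/srv/extract` directory are hypothetical.

```python
import os


def strip_invalid(name):
    """Name mapping step modelled for this sketch: silently drop non-printable
    characters so the name is safe to display and create."""
    return "".join(ch for ch in name if ch.isprintable())


def has_dotdot(name):
    """True if any path component is exactly '..'."""
    return ".." in name.replace("\\", "/").split("/")


def map_check_then_clean(name):
    """Flawed order: the '..' test sees the raw name, the filesystem sees the
    cleaned one, and the two can differ."""
    if has_dotdot(name):
        raise ValueError("relative path component")
    return strip_invalid(name)


def map_hardened(name, dest):
    """Validate the exact string that will be used, reject instead of repair,
    then confirm the resolved target stays under the extraction directory."""
    if strip_invalid(name) != name:
        raise ValueError("invalid character in entry name")
    if os.path.isabs(name) or has_dotdot(name):
        raise ValueError("absolute or relative path component")
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("entry escapes extraction directory")
    return target


def audit(names, dest):
    """Run both mappers over archive entry names; report what each would do."""
    report = {}
    for name in names:
        try:
            flawed = map_check_then_clean(name)
        except ValueError as exc:
            flawed = "rejected: %s" % exc
        try:
            hardened = map_hardened(name, dest)
        except ValueError as exc:
            hardened = "rejected: %s" % exc
        report[name] = (flawed, hardened)
    return report


# Constructed entry names; \x01 stands in for the "invalid characters".
SAMPLE_NAMES = ["docs/readme.txt", "../outside.txt", ".\x01./outside.txt"]

if __name__ == "__main__":
    for entry, result in audit(SAMPLE_NAMES, "/srv/extract").items():
        print(repr(entry), "->", result)
```

The third sample passes the flawed mapper and comes out as `../outside.txt`, while the hardened mapper rejects it before any path is built.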

For the stable distribution (woody) this problem has been fixed in version 5.50-1woody1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you update your unzip package.


Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next revision.



Debian Security Advisory DSA 345-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 8th, 2003 http://www.debian.org/security/faq

Package : xbl
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific : no
CVE Ids : CAN-2003-0535

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'.

For the stable distribution (woody) this problem has been fixed in version 1.0k-3woody2.

For the unstable distribution (sid) this problem is fixed in version 1.0k-6.

We recommend that you update your xbl package.


Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next revision.



Debian Security Advisory DSA 346-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 8th, 2003 http://www.debian.org/security/faq

Package : phpsysinfo
Vulnerability : directory traversal
Problem-Type : local
Debian-specific : no
CVE Ids : CAN-2003-0536

Albert Puigsech Galicia <ripe@7a69ezine.org> reported that phpsysinfo, a web-based program to display status information about the system, contains two vulnerabilities which could allow local files to be read, or arbitrary PHP code to be executed, under the privileges of the web server process (usually www-data). These vulnerabilities require access to a writable directory on the system in order to be exploited.

For the stable distribution (woody) this problem has been fixed in version 2.0-3woody1.

For the unstable distribution (sid) this problem will be fixed soon. See Debian bug #200543.

We recommend that you update your phpsysinfo package.


Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next revision.



Debian Security Advisory DSA 347-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 8th, 2003 http://www.debian.org/security/faq

Package : teapop
Vulnerability : SQL injection
Problem-Type : remote
Debian-specific : no
CVE Ids : CAN-2003-0515

teapop, a POP-3 server, includes modules for authenticating users against a PostgreSQL or MySQL database. These modules do not properly escape user-supplied strings before using them in SQL queries. This vulnerability could be exploited to execute arbitrary SQL under the privileges of the database user as which teapop has authenticated.
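
The difference between pasting login strings into SQL text and binding them as parameters, shown on a constructed mailbox table. This is an added example using Python's sqlite3 module, not teapop's C code or its PostgreSQL/MySQL modules; the table layout, function names and sample credentials are hypothetical.

```python
import hmac
import sqlite3


def make_db():
    """Constructed mailbox table. Plaintext passwords keep the sketch short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailboxes (login TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO mailboxes VALUES (?, ?)",
                   [("alice", "correct horse"), ("o'brien", "battery staple")])
    return db


def auth_interpolated(db, login, password):
    """Flawed pattern: USER/PASS strings pasted into the SQL text unescaped."""
    sql = ("SELECT login FROM mailboxes WHERE login = '%s' AND password = '%s'"
           % (login, password))
    return db.execute(sql).fetchone() is not None


def auth_parameterized(db, login, password):
    """Bound parameters travel as data; quotes in them never reach the parser."""
    row = db.execute("SELECT password FROM mailboxes WHERE login = ?",
                     (login,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0].encode(), password.encode())


def run_cases(cases):
    """Return {(login, password): (interpolated result, parameterized result)}."""
    db = make_db()
    results = {}
    for login, password in cases:
        try:
            flawed = auth_interpolated(db, login, password)
        except sqlite3.Error as exc:
            flawed = "error: %s" % type(exc).__name__
        results[(login, password)] = (flawed, auth_parameterized(db, login, password))
    return results


# Constructed POP3 credentials as a client could send them.
CASES = [
    ("alice", "correct horse"),     # valid login
    ("alice", "wrong"),             # wrong password
    ("o'brien", "battery staple"),  # legitimate name containing a quote
    ("alice' --", "wrong"),         # quote plus SQL comment marker in the login
]

if __name__ == "__main__":
    for case, outcome in run_cases(CASES).items():
        print(case, "->", outcome)
```

The last two cases show both failure modes of the interpolated query: a legitimate name with a quote breaks it, and a login ending in a comment marker is accepted with the wrong password.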

For the stable distribution (woody) this problem has been fixed in version 0.3.4-1woody2.

For the unstable distribution (sid) this problem has been fixed in version 0.3.5-2.

We recommend that you update your teapop package.


Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next revision.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>