Debian DSA-1465-2 : apt-listchanges - programming error
High Nessus Plugin ID 30000
Synopsis
The remote Debian host is missing a security-related update.

Description
Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its Python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.

Solution
Upgrade the apt-listchanges package.
For the old stable distribution (sarge), this problem was not present.
For the stable distribution (etch), this problem has been fixed in version 2.72.5etch1.
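
The description above concerns import paths that another local user can influence. The following is an added example, not code from apt-listchanges or from the plugin: a small audit of a Python import path, assuming "unsafe" means an entry that resolves against the current directory or a directory that other users can write to. The function names and the sample directories are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def audit_import_path(entries):
    """Return (entry, reason) pairs for import-path entries where another
    local user could plant a module that a privileged process would load."""
    trusted_owners = {0, os.geteuid()}
    findings = []
    for entry in entries:
        # '' and relative entries are resolved against the current directory,
        # so the directory the command is run from decides what is imported.
        if entry == "" or not os.path.isabs(entry):
            findings.append((entry, "relative to current directory"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # missing entries are skipped by the import system
        if not stat.S_ISDIR(st.st_mode):
            continue  # e.g. zip archives; outside the scope of this check
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "writable by group or others"))
        elif st.st_uid not in trusted_owners:
            findings.append((entry, "owned by uid %d" % st.st_uid))
    return findings


def demo():
    """Constructed sample: one shared directory, one private, two relative."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")
    private = os.path.join(base, "private")
    os.mkdir(shared)
    os.chmod(shared, 0o777)   # explicit chmod so the umask does not matter
    os.mkdir(private)
    os.chmod(private, 0o755)
    return shared, private, audit_import_path(["", shared, private, "lib"])


if __name__ == "__main__":
    # Audit the interpreter's own import path.
    for entry, reason in audit_import_path(sys.path):
        print("%r: %s" % (entry, reason))
```

Run as the account that executes the tool (root in the scenario described), from the directory it is normally started in; any finding is a location that should be removed from the import path or have its permissions tightened.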