Debian DSA-1465-2 : apt-listchanges - programming error
High Nessus Plugin ID 30000
SynopsisThe remote Debian host is missing a security-related update.
DescriptionFelipe Sateler discovered that apt-listchanges, a package change
history notification tool, used unsafe paths when importing its python
libraries. This could allow the execution of arbitrary shell commands
if the root user executed the command in a directory which other local
users may write to.
SolutionUpgrade the apt-listchanges package.
For the old stable distribution (sarge), this problem was not present.
For the stable distribution (etch), this problem has been fixed in