We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1
We have received reports that the version of the imap suite
in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon,
which can be found in the ipopd package. Using this vulnerability
it is possible for remote users to get a shell as user "nobody"
on the server.
We have received reports that the lsof package is distributed in
Debian GNU/Linux 2.0 contains a buffer overflow. Using this overflow
it is possible for local users to gain root-access. We have fixed
this problem in version 4.37-3.