
[security] policyd-weight 0.1.14-beta-6etch1/0.1.14.15-1

This Tuesday Robert Felber released a new upstream version. It is a (local) security bugfix (and some minor fixes) which was reported on Sunday by Chris Howells to the Debian Security Team (as well as to other vendors). Today DSA-1531 was released.

Right from the DSA:

"... created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system."

So please update your systems ASAP if you use this package.

While we are at policyd-weight... there is one bug open (#471645) where I'm unsure if I want to fix it, because only stable is affected and the problem can be solved by providing an adjusted array of rbl in the config file. Should I ask for inclusion directly into stable? But it's a really minor issue. Or try to get 0.1.14.15 uploaded to volatile? I'm really unsure and suggestions are welcome.