Debian alert DSA-6012-1 (nncp)
| From: | Salvatore Bonaccorso <carnil@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6012-1] nncp security update | |
| Date: | Fri, 26 Sep 2025 21:20:19 +0000 | |
| Message-ID: | <E1v2FrX-000JeB-3C@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6012-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 26, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nncp CVE ID : CVE-2025-60020 Debian Bug : 1115848 Eugene Medvedev discovered that nncp, a package facilitating secure store-and-forward file and mail exchange, was susceptible to path traversal with the freq and file commands. For the oldstable distribution (bookworm), this problem has been fixed in version 8.8.2-3+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 8.11.0-4+deb13u1. We recommend that you upgrade your nncp packages. For the detailed security status of nncp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nncp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjXAvpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SoMxAAmfLIomES0lQQ/v3DhFZsflOb1OTqXPx+o0PPQWKAuM/E/cLq2+Gw4kuk cmXSnRRhnxd5CyrlT9PK530VLUuVZA3dLvgPPBP4uF1q+NVb/8rax/agrYFq9MiI wGvbKL1maKUQey87cPMQSwne7kzNrcE0eHEVTpuCR8miuaGm32N/287l5Kt3f7s3 0veViM9yCOcZTrxnVDwByZEiWZCXnCVXIKhYl3HS3honnfUTPflswyYhm2FHYQHQ v+hXTzMOZ6fT6TOp8evAn/4K+sbWaFSABl+1EbtT9DIjjVwZJS6ZRYSP7sBg4Fc4 OLq0htVm8mLNvmbqIPPL8CrppQZvs6OQe8/IEIeEcc7IAkzzu6HexMZmTws+jCRb wJ0UC3zkKgo3pH2B5lhAVk8HtA50u9+D9QSYZwcqKho6EyQnqyaVCheuphHutFmK OyLjwjI4/kWjx4sG70L+3xCp3F0IE19CL1QdT50DwjdR+bwmrOOSoR+GB75FNmED /nuDLsCg5hRJHTq7ZUnkoJgHBpi6mi7sx9dhNiFzsPMxuG4h8qFZPweQwf6H36l/ eXe5kQs44VZvsli0JUE6ZGKfmXX57wrhgB6mVfrWi2DjEqxdtwPOorjgWy/vJee7 VRt+yX93PXdiEdEmYbLbgqenvnfcjMTAm2mHzlIdl7u6QJv4wt4= =E/eY -----END PGP SIGNATURE-----