[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1051-1 security@xxxxxxxxxx
http://www.debian.org/security/ Martin Schulze
May 4th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293
CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884
CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531
CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728
CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737
CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741
CVE-2006-1742 CVE-2006-1790
CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382
VU#592425 VU#736934 VU#813230 VU#842094 VU#932734 VU#935556
BugTraq IDs : 15773 16476 16476 16770 16881 17516
Several security related problems have been discovered in Mozilla
Thunderbird. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:
CVE-2005-2353
The "run-mozilla.sh" script allows local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.
CVE-2005-4134
Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]
CVE-2006-0292
The Javascript interpreter does not properly dereference objects,
which allows remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]
CVE-2006-0293
The function allocation code allows attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]
CVE-2006-0296
XULDocument.persist() did not validate the attribute name,
allowing an attacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during
startup. [MFSA-2006-05]
CVE-2006-0748
An anonymous researcher for TippingPoint and the Zero Day
Initiative reported that an invalid and nonsensical ordering of
table-related tags can be exploited to execute arbitrary code.
[MFSA-2006-27]
CVE-2006-0749
A particular sequence of HTML tags can cause memory corruption
that can be exploited to exectute arbitary code. [MFSA-2006-18]
CVE-2006-0884
Georgi Guninski reports that forwarding mail in-line while using
the default HTML "rich mail" editor will execute JavaScript
embedded in the e-mail message with full privileges of the client.
[MFSA-2006-21]
CVE-2006-1045
The HTML rendering engine does not properly block external images
from inline HTML attachments when "Block loading of remote images
in mail messages" is enabled, which could allow remote attackers
to obtain sensitive information. [MFSA-2006-26]
CVE-2006-1529
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1530
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1531
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1723
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1724
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]
CVE-2006-1727
Georgi Guninski reported two variants of using scripts in an XBL
control to gain chrome privileges when the page is viewed under
"Print Preview".under "Print Preview". [MFSA-2006-25]
CVE-2006-1728
"shutdown" discovered that the crypto.generateCRMFRequest method
can be used to run arbitrary code with the privilege of the user
running the browser, which could enable an attacker to install
malware. [MFSA-2006-24]
CVE-2006-1729
Claus Jørgensen reported that a text input box can be pre-filled
with a filename and then turned into a file-upload control,
allowing a malicious website to steal any local file whose name
they can guess. [MFSA-2006-23]
CVE-2006-1730
An anonymous researcher for TippingPoint and the Zero Day
Initiative discovered an integer overflow triggered by the CSS
letter-spacing property, which could be exploited to execute
arbitrary code. [MFSA-2006-22]
CVE-2006-1731
"moz_bug_r_a4" discovered that some internal functions return
prototypes instead of objects, which allows remote attackers to
conduct cross-site scripting attacks. [MFSA-2006-19]
CVE-2006-1732
"shutdown" discovered that it is possible to bypass same-origin
protections, allowing a malicious site to inject script into
content from another site, which could allow the malicious page to
steal information such as cookies or passwords from the other
site, or perform transactions on the user's behalf if the user
were already logged in. [MFSA-2006-17]
CVE-2006-1733
"moz_bug_r_a4" discovered that the compilation scope of privileged
built-in XBL bindings is not fully protected from web content and
can still be executed which could be used to execute arbitrary
JavaScript, which could allow an attacker to install malware such
as viruses and password sniffers. [MFSA-2006-16]
CVE-2006-1734
"shutdown" discovered that it is possible to access an internal
function object which could then be used to run arbitrary
JavaScriptcode with full permissions of the user running the
browser, which could be used to install spyware or viruses.
[MFSA-2006-15]
CVE-2006-1735
It is possible to create JavaScript functions that would get
compiled with the wrong privileges, allowing an attacker to run
code of their choice with full permissions of the user running the
browser, which could be used to install spyware or viruses.
[MFSA-2006-14]
CVE-2006-1736
It is possible to trick users into downloading and saving an
executable file via an image that is overlaid by a transparent
image link that points to the executable. [MFSA-2006-13]
CVE-2006-1737
An integer overflow allows remote attackers to cause a denial of
service and possibly execute arbitrary bytecode via JavaScript
with a large regular expression. [MFSA-2006-11]
CVE-2006-1738
An unspecified vulnerability allows remote attackers to cause a
denial of service. [MFSA-2006-11]
CVE-2006-1739
Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
array write and buffer overflow that could lead to a denial of
service and the possible execution of arbitrary code. [MFSA-2006-11]
CVE-2006-1740
It is possible for remote attackers to spoof secure site
indicators such as the locked icon by opening the trusted site in
a popup window, then changing the location to a malicious site.
[MFSA-2006-12]
CVE-2006-1741
"shutdown" discovered that it is possible to inject arbitrary
JavaScript code into a page on another site using a modal alert to
suspend an event handler while a new page is being loaded. This
could be used to steal confidential information. [MFSA-2006-09]
CVE-2006-1742
Igor Bukanov discovered that the JavaScript engine does not
properly handle temporary variables, which might allow remote
attackers to trigger operations on freed memory and cause memory
corruption, causing memory corruption. [MFSA-2006-10]
CVE-2006-1790
A regression fix that could lead to memory corruption allows
remote attackers to cause a denial of service and possibly execute
arbitrary code. [MFSA-2006-11]
For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8.
For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.2-1 of thunderbird.
We recommend that you upgrade your Mozilla Thunderbird packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8.dsc
Size/MD5 checksum: 997 0327b5d56178e6045be49e9b78c60b76
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8.diff.gz
Size/MD5 checksum: 329931 4dab3c7b21e40d055b95d74c35bedb58
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_alpha.deb
Size/MD5 checksum: 12838168 bda025fdf3b077045cc21bab3a89e257
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_alpha.deb
Size/MD5 checksum: 3276290 6a1a40cacc0bf38e951acc448ef29db0
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_alpha.deb
Size/MD5 checksum: 150442 fca6c3f049cdf068da21a4edec3974e2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_alpha.deb
Size/MD5 checksum: 31886 f9f96e466c0bef3a0255c9eedded7bb3
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_alpha.deb
Size/MD5 checksum: 87722 1280bc887809f52e77ea9f1b53739189
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_amd64.deb
Size/MD5 checksum: 12246434 286f415370cea50e1db9e3cd42d2e4c2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_amd64.deb
Size/MD5 checksum: 3277348 757202c4103104bbf82ce17ff93de6ad
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_amd64.deb
Size/MD5 checksum: 149416 9f727c74782a27cbc31ba9c3cc05e365
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_amd64.deb
Size/MD5 checksum: 31884 451a6095a65939e5c5fa01cbcce3f399
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_amd64.deb
Size/MD5 checksum: 87560 1b4e74ca5a206c0028c7385a37c9d72c
ARM architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_arm.deb
Size/MD5 checksum: 10336960 226d96bb928a8a5f1169e8e8f22cb94c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_arm.deb
Size/MD5 checksum: 3268838 d6df5cef8606a925ab2e0f6d4759e2bf
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_arm.deb
Size/MD5 checksum: 141526 fb78403f901f5a3551864aae8677855b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_arm.deb
Size/MD5 checksum: 31904 5e442a325862851a1ddcdf098f602488
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_arm.deb
Size/MD5 checksum: 79556 d93846c81f778cdc8089f594edcdee29
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_i386.deb
Size/MD5 checksum: 11560136 b0e311d92acdc0c7e8b14b67bbf87a63
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_i386.deb
Size/MD5 checksum: 3503954 c76b1c2003373abb489d55fbc1cf8e9b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_i386.deb
Size/MD5 checksum: 145070 42bfc6d7e45c85a328c974e0dbf33a2d
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_i386.deb
Size/MD5 checksum: 31882 6699d265d72be8d47e29607c19233ea5
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_i386.deb
Size/MD5 checksum: 86338 f71fa003bb6cbd5e073791c02215f55f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_ia64.deb
Size/MD5 checksum: 14613050 4ebeb5db1064173aa1c0f4f63debe1a4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_ia64.deb
Size/MD5 checksum: 3289384 28b78ccc68aa644a6e7ccfe1da7ed6c2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_ia64.deb
Size/MD5 checksum: 153794 3d08e3ca8da7aab4d18325018f089cf1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_ia64.deb
Size/MD5 checksum: 31886 5a51526eac30e965016709c84e5789cc
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_ia64.deb
Size/MD5 checksum: 105440 bbf8174130d63df6a84a181e6f8f77d4
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_hppa.deb
Size/MD5 checksum: 13558548 62fa53905105857b25039b360f5ed165
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_hppa.deb
Size/MD5 checksum: 3282030 5c8f3bc938f0d9ee87588cbfb2cf79fb
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_hppa.deb
Size/MD5 checksum: 151644 0a2894a49adc27f41dbc34ae850998cb
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_hppa.deb
Size/MD5 checksum: 31886 06078286e5baa9703eecac8678c6259a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_hppa.deb
Size/MD5 checksum: 95646 82233c3c9d614801a19d6e07031a7e0a
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_m68k.deb
Size/MD5 checksum: 10782388 f59c564e46e44dcbe7e045635a500253
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_m68k.deb
Size/MD5 checksum: 3267578 646924bd2241dd7c4c61be86ed52f66e
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_m68k.deb
Size/MD5 checksum: 143414 2ceb5e38365ba6488c0e0bbda2c16de2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_m68k.deb
Size/MD5 checksum: 31924 c79717feb3366b475a181fb94666a308
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_m68k.deb
Size/MD5 checksum: 80832 52d33e4efd5d53f0d88a45b560348fc5
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_mips.deb
Size/MD5 checksum: 11940252 693556d436d10d0dfc0df428967bc054
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mips.deb
Size/MD5 checksum: 3275664 eeaff88720b28b8624e4e2683deb8156
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mips.deb
Size/MD5 checksum: 146354 84e79291c3a085c9315140b01d00620c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mips.deb
Size/MD5 checksum: 31894 ca7b49008df0913a853614cc1e1f58d0
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mips.deb
Size/MD5 checksum: 83106 297bef79199e69cd7eed64aba0472de1
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_mipsel.deb
Size/MD5 checksum: 11801596 bbf40fdabbe94838a63d689263b13dfc
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mipsel.deb
Size/MD5 checksum: 3276522 56b8c3fbf4dfe10c11219f722dee243f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mipsel.deb
Size/MD5 checksum: 145920 55354ff3950db25f7a43d7dd643bdc0c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mipsel.deb
Size/MD5 checksum: 31902 7792444ecceba497bbea95aa79bfd541
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mipsel.deb
Size/MD5 checksum: 82932 a618ae0dc3fa628c9b942bc19a9e041b
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_powerpc.deb
Size/MD5 checksum: 10900888 5a4bfd9854a2402b57a0f7fbeebc69e4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_powerpc.deb
Size/MD5 checksum: 3266966 2f9dfc8d97dfbc136d3d4a409d86080c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_powerpc.deb
Size/MD5 checksum: 143398 f1ed2509f11198cc79350ec34a8d169f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_powerpc.deb
Size/MD5 checksum: 31892 555cd49ac0135b6cca34e346b1730916
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_powerpc.deb
Size/MD5 checksum: 79634 55a53bdc25f21625e6a5bf7409a79a60
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_s390.deb
Size/MD5 checksum: 12694418 cb417029c1f1403fd85ad62696ba9a6a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_s390.deb
Size/MD5 checksum: 3277050 c9e56aa35a7ee4b3efb70aac8d1fb2b4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_s390.deb
Size/MD5 checksum: 149736 ddb248089886f5377167866e098276ee
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_s390.deb
Size/MD5 checksum: 31894 757eabc20b4c623116efbfa6514f8674
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_s390.deb
Size/MD5 checksum: 87580 a78dce29c87b7e57f30eb4ab566474b2
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_sparc.deb
Size/MD5 checksum: 11164666 54d3682c2946c7a1a1a2f4d5632c5a9e
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_sparc.deb
Size/MD5 checksum: 3271818 eec83ea3565d2a6137a077a0ac7bd0bf
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_sparc.deb
Size/MD5 checksum: 143070 513f4ab787b0d0b680b562cb6e63fa18
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_sparc.deb
Size/MD5 checksum: 31898 92244cdf10019877a52c4be13ec1fcdf
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_sparc.deb
Size/MD5 checksum: 81430 041e86b0c9ea28c4f28973b9e1be627d
These files will probably be moved into the stable distribution on
its next update.
-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEWbk2W5ql+IAeqTIRAq/CAJ9uKbZsW70eiVPzhZzKIHx4BJrhmQCdFRMv
nMPPOXb1A+ldZAOtytVNiDo=
=NaAq
-----END PGP SIGNATURE-----