Debian Security Advisory DSA 264-1 (lxr)

Summary
The remote host is missing an update to lxr announced via advisory DSA 264-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20264-1
Insight
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data. This could disclose local files that were not meant to be shared with the public. For the stable distribution (woody) this problem has been fixed in version 0.3-3. The old stable distribution (potato) is not affected since it does not contain an lxr package. For the unstable distribution (sid) this problem has been fixed in version 0.3-4. We recommend that you upgrade your lxr package.