The remote host is missing an update to lurker announced via advisory DSA 999-1. Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerability and Exposures project identifies the following problems: CVE-2006-1062 Lurker's mechanism for specifying configuration files was vulnerable to being overridden. As lurker includes sections of unparsed config files in its output, an attacker could manipulate lurker into reading any file readable by the www-data user. CVE-2006-1063 It is possible for a remote attacker to create or overwrite files in any writable directory that is named mbox. CVE-2006-1064 Missing input sanitising allows an attacker to inject arbitrary web script or HTML. The old stable distribution (woody) does not contain lurker packages.

For the stable distribution (sarge) these problems have been fixed in version 1.2-5sarge1. For the unstable distribution (sid) these problems have been fixed in version 2.1-1. We recommend that you upgrade your lurker package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20999-1