Hello, I currently have lprng 3.6.12-8 installed on my system. The version installed is the one apt-get and dselect import via the source.list. According to a message sent to this list, debian-security@lists.debian.org, by the package maintainer I was left with the impression Debian 2.2r2 is ok. However, the version number referenced does not match what I have. Since version numbers generally go up, I am a little confused by how 3.6.12-8 is more current than the suggested 3.6.25 of Lprng. I have checked and unstable includes 3.7.4-4.
Am I running a version that has the fix for the syslog() exploit? I tried downloading the 3.7.4-4 version but stopped when it complained about conflicts with suidmanager. And I am not a fan of the idea to switch my whole distribution over to unstable. What would be the suggested fix for this, if one is even required? Thank you, Ken P.S. Could anyone who responds to this please send me a copy via e-mail?