Masanari Yamamoto discovered incorrect use of environment
variables in uim. This bug causes privilege escalation if setuid/setgid
applications are linked to libuim.
For the testing distribution (etch) this is fixed in version 1:0.4.7-2.0etch1.
For the unstable distribution (sid) this is fixed in version 1:0.4.7-2.
This upgrade is recommended if you use uim.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free