Debian Security Advisory DSA 028-1 (man-db)

The remote host is missing an update to man-db announced via advisory DSA 028-1.
Styx has reported that the program `man' mistakenly passes malicious strings (i.e. containing format characters) through routines that were not meant to use them as format strings. Since this could cause a segmentation fault and privileges were not dropped it may lead to an exploit for the 'man' user. We recommend you upgrade your man-db package immediately.