Debian Security Advisory DSA 102-2 (at)

The remote host is missing an update to at announced via advisory DSA 102-2.
Basically, this is the same Security Advisory as DSA 102-1, except that the uploaded binary packages really fix the problem this time. Unfortunately the bugfix from DSA 102-1 wasn't propagated properly due to a packaging bug. While the file parsetime.y was fixed, and should be generated from it, from the original source was still used. This has been fixed now. The original advisory said: zen-parse found a bug in the current implementation of at which leads into a heap corruption vulnerability which in turn could potentially lead into an exploit of the daemon user. This has been fixed in at 3.1.8-10.2 for the stable Debian release and 3.1.8-11 for the unstable and testing release. Packages for unstable have just been uploaded into <>. We recommend that you upgrade your at packages immediately since an exploit has already been published.