Package: nfs-utils Version: 1:1.2.2-4squeeze2 Severity: important Tags: security Control: found -1 1:1.2.6-3
Hi, the following vulnerability was published for nfs-utils. CVE-2013-1923[0]: rpc.gssd is vulnerable to DNS spoofing An explanation is also available at [1]. New upstream version 1.2.8 avoids DNS reverse lookups on server names[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923 http://security-tracker.debian.org/tracker/CVE-2013-1923 [1] http://ssimo.org/blog/id_015.html [2] https://www.kernel.org/pub/linux/utils/nfs-utils/1.2.8/1.2.8-ChangeLog Regards, Salvatore -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130509081530.9788.33903.report...@elende.valinor.li
