On Sun, Oct 19, 2008 at 08:07:34PM +0200, Pierre Habouzit wrote: >On Sun, Oct 19, 2008 at 10:20:01AM +0000, Aníbal Monsalve Salazar wrote: >>On Sun, Oct 19, 2008 at 04:14:56PM +1100, Anibal Monsalve Salazar wrote: >>>Please consider preapproving nfs-utils/1:1.1.2-6lenny1 to fix >>>CVE-2008-4552. >>> >>>http://bugs.debian.org/502680 >>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552 >>>https://bugzilla.redhat.com/show_bug.cgi?id=458676 >>> >>>Changes: >>> nfs-utils (1:1.1.2-6lenny1) testing-proposed-updates; urgency=high >>> . >>> * Fix CVE-2008-4552 >>> nfs-utils 1.1.2, and possibly other versions before 1.1.3, invokes the >>> host_ctl function with the wrong order of arguments, which causes TCP >>> Wrappers to ignore netgroups and allows remote attackers to bypass >>> intended access restrictions. >>> Closes: #502680 >> >>The change is very minimal. > >looks fine, please upload and ping us again.
done
signature.asc
Description: Digital signature
