Hi release team,

please unblock rsyslog 3.18.6-1. It contains an important security fix, which is reported as Debian bug [1].
Further information regarding the security issue can be found at secunia [2] and upstream [3]. The complete upstream changes between 3.18.5 and 3.18.6 can be found in the upstream git repository [4].

The Debian changelog is:

rsyslog (3.18.6-1) unstable; urgency=high

  * New upstream bugfix release.
    - Fix "$AllowedSender" security bypass vulnerability. The
      "$AllowedSender" configuration directive was not respected, allowing
      unrestricted network access to the application. Closes: #508027
      No CVE id yet.
  * Urgency high for the security fix.
  * debian/patches/manpage_fixes.patch
    - Fix typos in rsyslogd man page. Closes: #506925
      Thanks to Geoff Simmons for the patch.

 -- Michael Biebl <bi...@debian.org>  Fri, 12 Dec 2008 17:36:02 +0100

Cheers,
Michael

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508027
[2] http://secunia.com/Advisories/32857/
[3] http://www.rsyslog.com/Article322.phtml
[4] http://git.adiscon.com/?p=rsyslog.git;a=commit;h=b0317d31d98b17cd8b9b5d29f438191ac045cd33

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?