Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-25 Thread Adam D. Barratt
On Fri, 2013-05-24 at 23:05 +0200, Florian Weimer wrote: > * Adam D. Barratt: > > > On Fri, 2013-05-24 at 22:20 +0200, Florian Weimer wrote: > >> * Steven Chamberlain: > >> > I notice a problem though when this was (I think - I'm unsure of the > >> > security team's processes here) copied to the m

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-24 Thread Florian Weimer
* Adam D. Barratt: > On Fri, 2013-05-24 at 22:20 +0200, Florian Weimer wrote: >> * Steven Chamberlain: >> > I notice a problem though when this was (I think - I'm unsure of the >> > security team's processes here) copied to the main archive, probably so >> > that it can be included in stable-propo

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-24 Thread Adam D. Barratt
On Fri, 2013-05-24 at 22:20 +0200, Florian Weimer wrote: > * Steven Chamberlain: > > I notice a problem though when this was (I think - I'm unsure of the > > security team's processes here) copied to the main archive, probably so > > that it can be included in stable-proposed-updates: > > Thanks f

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-24 Thread Florian Weimer
* Steven Chamberlain: > Hi, > > On 22/05/13 19:46, Florian Weimer wrote: >> Sorry for the delay. I'm taking care of this now. > > Thank you for the DSA. > > I notice a problem though when this was (I think - I'm unsure of the > security team's processes here) copied to the main archive, probably

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-24 Thread Steven Chamberlain
Hi, On 22/05/13 19:46, Florian Weimer wrote: > Sorry for the delay. I'm taking care of this now. Thank you for the DSA. I notice a problem though when this was (I think - I'm unsure of the security team's processes here) copied to the main archive, probably so that it can be included in stable-

Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-22 Thread Florian Weimer
* Steven Chamberlain: > On 01/05/13 15:20, Christoph Egger wrote: >> Florian Weimer writes: >>> Looks good. Please upload to security-master directly. You have to >>> rebuild with -sa, though, so that the upstream tarball is included in >>> the upload. >> >> Should be somewhere in your queue n

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-21 Thread Steven Chamberlain
Dear Security Team, On 01/05/13 15:20, Christoph Egger wrote: > Florian Weimer writes: >> Looks good. Please upload to security-master directly. You have to >> rebuild with -sa, though, so that the upstream tarball is included in >> the upload. > > Should be somewhere in your queue now Was th

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Christoph Egger
Florian Weimer writes: > * Christoph Egger: > >> Packages will be in people.d.o:~christoph soon (or shall I upload to >> security directly? > > Looks good. Please upload to security-master directly. You have to > rebuild with -sa, though, so that the upstream tarball is included in > the upload.

Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Christoph Egger
Hi! Steven Chamberlain writes: > Is that the correct version number for a security upload? (9.0-10+deb70.1) > > I'm more used to seeing something like +wheezy1 As +wheezy actually is larger than +jessie the +deb$something are the new style for stable version numbering as far as I understand

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Steven Chamberlain
Is that the correct version number for a security upload? (9.0-10+deb70.1) I'm more used to seeing something like +wheezy1 Regards, -- Steven Chamberlain ste...@pyro.eu.org

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Florian Weimer
* Christoph Egger: > Packages will be in people.d.o:~christoph soon (or shall I upload to > security directly? Looks good. Please upload to security-master directly. You have to rebuild with -sa, though, so that the upstream tarball is included in the upload.

Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Christoph Egger
Florian Weimer writes: > * Christoph Egger: > >> Hi! >> >> Steven Chamberlain writes: >>> tags 706414 + pending >>> thanks >>> >>> I've applied upstream's patch in SVN, I'm running it now on my NFS >>> server and seems okay. >>> >>> Christoph, would you be able to do an upload of this to unstable

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Florian Weimer
* Christoph Egger: > Hi! > > Steven Chamberlain writes: >> tags 706414 + pending >> thanks >> >> I've applied upstream's patch in SVN, I'm running it now on my NFS >> server and seems okay. >> >> Christoph, would you be able to do an upload of this to unstable please? > > I'm building right now.

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Steven Chamberlain
On 01/05/13 11:14, Christoph Egger wrote: > [...] As it is too late for wheezy r0 it seems we'll > need to go through either security or stable-updates for wheezy Yes, we need to fix it in sid anyway. I think this (in kfreebsd-9) merits a DSA and the fix made available via security.d.o as soon as

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-05-01 Thread Christoph Egger
Hi! Steven Chamberlain writes: > tags 706414 + pending > thanks > > I've applied upstream's patch in SVN, I'm running it now on my NFS > server and seems okay. > > Christoph, would you be able to do an upload of this to unstable please? I'm building right now. As it is too late for wheezy r0 it

Processed: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-30 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was a...@adam-barratt.org.uk). > usertags 706414 + wheezy-can-defer There were no usertags set. Usertags are now: wheezy-can-defer. > tags 706414

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-30 Thread Adam D. Barratt
user release.debian@packages.debian.org usertags 706414 + wheezy-can-defer tags 706414 + wheezy-ignore thanks On Mon, 2013-04-29 at 23:53 +0100, Steven Chamberlain wrote: > I've applied upstream's patch in SVN, I'm running it now on my NFS > server and seems okay. > > Christoph, would you be

Processed: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-29 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 706414 + pending Bug #706414 [src:kfreebsd-9] CVE-2013-3266: Insufficient input validation in the NFS server Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 706414: http://bugs.debian.o

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-29 Thread Steven Chamberlain
tags 706414 + pending thanks I've applied upstream's patch in SVN, I'm running it now on my NFS server and seems okay. Christoph, would you be able to do an upload of this to unstable please? Many thanks, Regards, -- Steven Chamberlain ste...@pyro.eu.org

Processed (with 3 errors): Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-29 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > clone 706414 -1 Bug #706414 [src:kfreebsd-9] CVE-2013-3266: Insufficient input validation in the NFS server Bug 706414 cloned as bug 706418 > reassign -1 src:kfreebsd-8 Bug #706418 [src:kfreebsd-9] CVE-2013-3266: Insufficient input validation in

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-29 Thread Steven Chamberlain
clone 706414 -1 reassign -1 src:kfreebsd-8 found -1 8.3-6 severity -1 important This bug also affects kfreebsd-8, but the vulnerable NFS implementation is not the one used by default in 8.x kernels. Regards, -- Steven Chamberlain ste...@pyro.eu.org

Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-29 Thread Steven Chamberlain
On 29/04/13 22:46, Steven Chamberlain wrote: > Upstream published a security advisory for the nfsserver implementation > as shipped by kfreebsd-9 packages. (See above URL for reference). Correction for security advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-13:05.nfsserver.asc R

Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

2013-04-29 Thread Steven Chamberlain
Source: kfreebsd-9 Version: 9.0-10 Severity: grave Tags: security upstream Forwarded: http://security.freebsd.org/patches/SA-03:05/nfsserver.patch Upstream published a security advisory for the nfsserver implementation as shipped by kfreebsd-9 packages. (See above URL for reference). Insufficien