Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6) - use target "stable
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6) - use target "stable
Ubuntu claims to have this fixed:
https://bugs.launchpad.net/bugs/670622
http://www.ubuntu.com/usn/usn-1045-1
http://www.ubuntu.com/usn/usn-1045-2
Last two references not yet available, see
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/date.html
instead.
Cheers, Paul
Pau
On Sun, 2011-01-02 at 19:06 +, Ben Hutchings wrote:
> I'll apply the attached patch for squeeze. Unfortunately we cannot fix
> the first bug on lenny as its version of mount does not support
> --no-canonicalize. There is no point in fixing only one of the bugs.
Actually, this doesn't quite
I've been trying to get to the bottom of this bug over the past day, not
helped by libfuse redirecting fusermount's stderr to /dev/null.
There are actually two bugs here with roughly the same effect.
When mounting, fusermount must:
1. Make the mount() system call;
2. Run the mount command to reco
user release.debian@packages.debian.org
usertag 602333 squeeze-can-defer
kthxbye
On Tue, Nov 23, 2010 at 06:50:10 +1100, paul.sz...@sydney.edu.au wrote:
> Ubuntu has now added the reference CVE-2010-3879 to
> https://bugs.launchpad.net/bugs/670622 and marked in "confirmed".
> Other interestin
Ubuntu has now added the reference CVE-2010-3879 to
https://bugs.launchpad.net/bugs/670622 and marked in "confirmed".
Other interesting references:
https://bugzilla.redhat.com/show_bug.cgi?id=651183
https://bugzilla.novell.com/show_bug.cgi?id=651598
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.a
Dear Adam,
> It would be more helpful if you checked, before filing grave bugs on
> packages.
I apologize for my laziness. I do not normally use fuse. Maybe I could
set up a test machine, but (unless succeeded in the exploit) would not
properly know whether Debian was safe. I thought it was bette
On Thu, 2010-11-04 at 07:24 +1100, Paul Szabo wrote:
> As reported on a public mailing list, fusermount in Ubuntu allows
> unprivileged users to unmount anything. I wonder if Debian is affected.
It would be more helpful if you checked, before filing grave bugs on
packages.
This sounds very much l
Package: fuse-utils
Version: 2.7.4-1.1+lenny1
Severity: grave
File: /usr/bin/fusermount
Tags: security
Justification: user security hole
As reported on a public mailing list, fusermount in Ubuntu allows
unprivileged users to unmount anything. I wonder if Debian is affected.
Relevant files attache
10 matches
Mail list logo
