Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-21 Thread Steven Chamberlain
On 21/06/13 09:56, Christoph Egger wrote: > Steven Chamberlain writes: >> Please could you do an upload of SVN r4525 to unstable? > > I guess you mean 4523? or some special branch? Actually yes I meant r4523, although the more recent commits didn't change anything in /trunk/kfreebsd-9. Regards,

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-21 Thread Christoph Egger
Steven Chamberlain writes: > Please could you do an upload of SVN r4525 to unstable? I guess you mean 4523? or some special branch? Christoph

Processed: Re: Bug#712664: Info received (Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap)

2013-06-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > # grrr > notfound 712664 10.0~svn242489-1 Bug #712664 [src:kfreebsd-9] kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap The source 'kfreebsd-9' and version '10.0~svn242489-1' do not appear to match any binary packages No longer marked as

Processed: Re: Bug#712664: Info received (Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap)

2013-06-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > found 712664 10.0~svn242489-1 Bug #712664 [src:kfreebsd-9] kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap The source 'kfreebsd-9' and version '10.0~svn242489-1' do not appear to match any binary packages Marked as found in versions kfr

Processed: Re: Bug#712664: Info received (Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap)

2013-06-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > forwarded 712664 > http://security.freebsd.org/advisories/FreeBSD-SA-13:06.mmap.asc Bug #712664 [src:kfreebsd-9] kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap Set Bug forwarded-to-address to 'http://security.freebsd.org/advisories/Fr

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-20 Thread Steven Chamberlain
A suggested workaround on vulnerable systems is: sysctl security.bsd.unprivileged_proc_debug=0 (which works by disabling some functionality of GDB to non-root users) Also the use of jails or securelevel could reduce the potential damage. Regards, -- Steven Chamberlain ste...@pyro.eu.org

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-19 Thread Salvatore Bonaccorso
Hi Steven, Cc'ing team@security.d.o On Wed, Jun 19, 2013 at 09:23:49PM +0100, Steven Chamberlain wrote: > Attached are proposed debdiffs for an upload to wheezy-security, based > on the version currently in wheezy. Thanks Steven and Christoph for working on this issue. > The versioning scheme f

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-19 Thread Steven Chamberlain
Attached are proposed debdiffs for an upload to wheezy-security, based on the version currently in wheezy. The versioning scheme for the last security upload (with +deb70.$n) looks a bit weird to me (and it has lower value than the next changelog entry). So I also attach a second debdiff, proposi

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-19 Thread Steven Chamberlain
Hi Christoph, Please could you do an upload of SVN r4525 to unstable? kfreebsd-9 as shipped with wheezy is indeed vulnerable and I can confirm now that the fix works too. Unfortunately the vulnerability is as simple and as serious as it sounds. A non-privileged user can overwrite any file havin

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-18 Thread Christoph Egger
Hi! Steven Chamberlain writes: > This is staged in SVN trunk as r4525, intended for upload to unstable > very soon (and then we should request a DSA for wheezy). I'd like to > know first that the fix is really working and didn't break anything. > All I know yet is that it builds. I can probably

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-18 Thread Steven Chamberlain
Control: tags -1 pending This is staged in SVN trunk as r4525, intended for upload to unstable very soon (and then we should request a DSA for wheezy). I'd like to know first that the fix is really working and didn't break anything. All I know yet is that it builds. p.s. I didn't see any SVN com

Processed: Re: Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-18 Thread Debian Bug Tracking System
Processing control commands: > tags -1 pending Bug #712664 [src:kfreebsd-9] kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap Added tag(s) pending. -- 712664: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712664 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap

2013-06-18 Thread Steven Chamberlain
Source: kfreebsd-9 Version: 9.0-11 Severity: grave Tags: security upstream Control: found -1 kfreebsd-9/9.0~svn223109-0.1 Privilege escalation via mmap: http://security.freebsd.org/advisories/FreeBSD-SA-13:06.mmap.asc This was introduced by r199819 when FreeBSD 9 was the SVN head. As such it aff