Re: Bug#762789: proposed fix for ppp CVE-2014-3158

2014-10-16 Thread Marco d'Itri
On Oct 16, Raphael Hertzog wrote: > If Marco doesn't want to do it, let me know and I can take care of the > upload + announce for squeeze-lts. I do not really use pppd anymore and my co-maintainer does not have much time either, so I do not really have plans to work on it right now. (Yes, I hav

Re: Bug#762789: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Raphael Hertzog
On Thu, 16 Oct 2014, Andrew Bartlett wrote: > On Thu, 2014-10-16 at 02:30 +0200, Marco d'Itri wrote: > > On Oct 16, Andrew Bartlett wrote: > > > > > Thanks. How do you wish to proceed? > > I suggest that you just upload the package. > > Just to be clear, I'm not (yet) a Debian Maintainer, so I

Re: Bug#762789: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Andrew Bartlett
On Thu, 2014-10-16 at 02:30 +0200, Marco d'Itri wrote: > On Oct 16, Andrew Bartlett wrote: > > > Thanks. How do you wish to proceed? > I suggest that you just upload the package. Just to be clear, I'm not (yet) a Debian Maintainer, so I don't have upload rights, or the right to send out the DLA

Re: Bug#762789: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Marco d'Itri
On Oct 16, Andrew Bartlett wrote: > Thanks. How do you wish to proceed? I suggest that you just upload the package. -- ciao, Marco

Re: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Andrew Bartlett
On Thu, 2014-10-16 at 01:36 +0200, Marco d'Itri wrote: > On Oct 16, Andrew Bartlett wrote: > > > I've prepared a fix for CVE-2014-3158, an integer overflow potentially > > permitting a user in the dip group to abuse the privileges of the setuid > > root pppd binary by supplying a very, very lon

proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Andrew Bartlett
I've prepared a fix for CVE-2014-3158, an integer overflow potentially permitting a user in the dip group to abuse the privileges of the setuid root pppd binary by supplying a very, very long options line in ~/.ppprc. Please review the attached debdiff for squeeze-lts (the other distributions al

Re: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Marco d'Itri
On Oct 16, Andrew Bartlett wrote: > I've prepared a fix for CVE-2014-3158, an integer overflow potentially > permitting a user in the dip group to abuse the privileges of the setuid > root pppd binary by supplying a very, very long options line in > ~/.ppprc. Is this actually known to be exploi