ff:
- * The fix for the scp security vulneraability in 2.3.4-5+deb9u1
+ * The fix for the scp security vulnerability in 2.3.4-4+deb8u2
.. and released this as a DLA-1660-2 "regression" update. I will leave
the stable update to the security team.
Best wishes,
--
,
Works for me too and happy to take this. Claimed package in:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd5c546e66da71f4029f09337a84aadaa527dcce
Looking forward to receiving your debdiffs. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
ync --server --daemon .
> >
> > Is it really unsafe to issue a "rsync --server --daemon ." command so it
> > deserves to be blocked?
FYI this is the patch in question:
https://sources.debian.org/src/rssh/2.3.4-11/debian/patches/0007-Verify-rsync-command-options.patch/
changed in the meantime?
b) Will this affect stretch? If so, what do we need to do now?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
> It was discovered that an integer overflow in the "Probe Request" packet
> parser of the Ralinktech wireless drivers might lead to remote denial of
> service or the execution of arbitrary code.
Not for us.
Regards,
--
Chris Lamb, www.playfire.com/lamby
> It was discovered that an integer overflow in the "Probe Request"
> packet parser of the Ralinktech wireless drivers might lead to
> remote denial of service or the execution of arbitrary code.
Not for us.
Regards,
--
Chris Lamb, www.playfire.com/lamby