Unsubscribing ubuntu-security-sponsors as there is no further debdiff to
process. Please re-subscribe when attaching another one. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513461
Title:
This bug was fixed in the package openafs - 1.6.7-1ubuntu1.1
---
openafs (1.6.7-1ubuntu1.1) trusty-security; urgency=low
* SECURITY UPDATES (LP: #1513461):
- CVE-2015-3282: Clear nvldbentry before sending on the wire
- CVE-2015-3283: Use crypt for commands where spoofing cou
Debdiff in comment #11 looks good, thanks!
Package is building now (with a couple of minor debian/changelog
changes) and will be released when built.
Thanks!
** Changed in: openafs (Ubuntu Trusty)
Status: Confirmed => In Progress
--
** Also affects: openafs (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: openafs (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: openafs (Ubuntu Xenial)
Importance: High
Status: Fix Released
** Also affects: openafs (Ubuntu Precis
Ok then, here's the patch with all the CVEs addressed.
Fully copied from upstream.
** Patch added: "openafs-1.6.7-1ubuntu2.patch"
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1513461/+attachment/4515914/+files/openafs-1.6.7-1ubuntu2.patch
--
Sure thing, I'll add a patch as soon as I've had time to make it.
You should note that one of the patches, the one addressing:
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6587.html
Has a couple of issues.
Basically, it removes functionality as an interim fix for the actual patc
We usually backport the specific security fixes, rather than whole
versions so we don't introduce any other unrelated changes.
Could you simply add the security fixes as was done in precise's
1.6.1-1+ubuntu0.6 and 1.6.1-1+ubuntu0.7 packages?
--
Hmm, I suppose I could.
All those errors seem to have been fixed in normal patches to openafs in
different versions.
Would you prefer if I patched it up to 1.6.15-1 directly or made a
1.6.7-ubuntu# which will basically be the same as 1.6.15-1?
--
There are other CVEs which are still unfixed in the trusty package. Do
you think you could add them also to the debdiff?
http://people.canonical.com/~ubuntu-security/cve/pkg/openafs.html
Thanks!
--
Here's the same patch but made for trusty and for 1.6.7 instead.
** Patch added: "openafs-1.6.7-1ubuntu2.patch"
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1513461/+attachment/4514055/+files/openafs-1.6.7-1ubuntu2.patch
--
Great, thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513461
Title:
OPENAFS-SA-2015-007 "Tattletale"
This bug was fixed in the package openafs - 1.6.1-1+ubuntu0.7
---
openafs (1.6.1-1+ubuntu0.7) precise-security; urgency=low
* SECURITY UPDATE: Apply OPENAFS-SA-2015-007 "Tattletale" patch
(LP: #1513461)
- OPENAFS-SA-2015-007.patch: Rx ACK packets leak plaintext of previous
(FYI, I made a couple of minor changes to the debian/changelog file)
--
ACK on the debdiff, thanks!
Update package is building now and will be released when ready. Thanks!
** Changed in: openafs (Ubuntu)
Status: Triaged => Fix Committed
--
** Information type changed from Private Security to Public Security
** Changed in: openafs (Ubuntu)
Status: New => Triaged
** Changed in: openafs (Ubuntu)
Importance: Undecided => High
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-7762
** CVE added: http://www