On Tue, Feb 15, 2011 at 07:20:29PM -0000, Kees Cook wrote: > Actually, does this patch need backporting? When was the issue > reintroduced? > > nbd | 1:2.8.3-2 | dapper-updates/main > nbd | 1:2.9.9-1ubuntu1 | hardy/main > nbd | 1:2.9.11-2ubuntu1 | karmic/main > nbd | 1:2.9.14-2ubuntu1 | lucid/main > nbd | 1:2.9.14-2ubuntu1 | maverick/main > nbd | 1:2.9.16-7.1ubuntu1 | natty/main > > Dapper has the fix, I assume, based on the old CVE details (2.8.3-1 > fixed it originally).
Correct. > What about the 2.9.x series? Unfortunately, it was reintroduced fairly soon, on the then-development series that eventually resulted in the 2.9 series. So yeah, you'll need to do them all. Since the relevant code hasn't been changed all that much, however, it should apply to all the 2.9.x versions. If not, feel free to contact me and I'll look at it. -- The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system. http://www.schneier.com/blog/archives/2009/01/biometrics.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/718295 Title: Merge nbd 1:2.9.20-2 (main) from Debian unstable (main) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
