*** This bug is a security vulnerability ***

Public security bug reported:

Please sync openafs 1.6.7-1 (universe) from Debian unstable (main)

This is an upstream security microrelease, consisting of exactly five
upstream commits on top of 1.6.6:

$ git log --oneline --shortstat openafs-stable-1_6_6..openafs-stable-1_6_7
94ffd11 Make OpenAFS 1.6.7
 5 files changed, 6 insertions(+), 6 deletions(-)
ba73b9a Update NEWS for 1.6.7
 1 file changed, 8 insertions(+)
cde1526 viced: fix get-statistics64 buffer overflow
 1 file changed, 5 insertions(+)
19c4d60 rx: Avoid rxi_Delay on RXS_CheckResponse failure
 1 file changed, 4 insertions(+), 5 deletions(-)
32688c0 rx: Split out rxi_SendConnectionAbortLater
 1 file changed, 26 insertions(+), 7 deletions(-)

(All other pending upstream work has been delayed to 1.6.8.)

There are no extra Debian changes.

Changelog entries since current trusty version 1.6.6-1:

openafs (1.6.7-1) unstable; urgency=high

  * New upstream security release.
    - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
      fileserver.  (CVE-2014-0159)
    - Fix a potential DoS attack against Rx servers by avoiding
      suspending the listener thread when delaying connection abort
      messages.

 -- Russ Allbery <r...@debian.org>  Wed, 09 Apr 2014 10:33:38 -0700

** Affects: openafs (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0159

--
https://bugs.launchpad.net/bugs/1305549

Title:
  Sync openafs 1.6.7-1 (universe) from Debian unstable (main)