Hi,
There're two security issues affecting boinc in debian wheezy
(7.0.27+dfsg-5): CVE-2013-2018 and CVE-2013-2298[1]. I tried to
cherry-pick the patches from the git repo (boinc-v2), by following this
mail[2]. The resulted commits are in our git repo at alioth[3] (branch
wheezy), mainly:
42d787728856654550fae88542f551bc5781d1af for CVE-2013-2298
67d778a4f14e8b02ddf67f89a9a7b68f4d111302
173bfe585a829ff51ddb6543c24b2be920cfffe5
7a97bbee0344a0b3245e9288f09d5f0d0b77cc20
dd29bf941f6259db8e82d797f4efcb0fdc10b7c7 for CVE-2013-2018
with some small fixes following the above ones.
We (the Debian BOINC team) wish to upload these fixes as update for
wheezy. Before doing so, could you help us with reviewing the patches?
This patches differ from the original fixes because 7.0.27 is already
old when those fixes are introduced, so I'm unsure about some of my
modifications.
[1] https://security-tracker.debian.org/tracker/source-package/boinc
[2] http://marc.info/?l=oss-security&m=136726351816030&w=2
[3] http://git.debian.org/?p=pkg-boinc/boinc.git
[3.git] git://git.debian.org/git/pkg-boinc/boinc.git
[4] git://boinc.berkeley.edu/boinc-v2.git
Best regards,
GUO Yixuan
(cc'ing Debian BOINC team members)
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
