Bug#908616: marked as done (OpenAFS security release)

[Debian Bug Tracking System]

Your message dated Wed, 12 Sep 2018 08:41:43 +0000
with message-id <e1g00iv-000fyj...@fasolo.debian.org>
and subject line Bug#908616: fixed in openafs 1.8.2-1
has caused the Debian Bug report #908616,
regarding OpenAFS security release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
908616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: openafs
Version: 1.6.9-2+deb8u7
Tags: security
Severity: serious

OpenAFS upstream released security releases 1.6.23 and 1.8.2 today, fixing:
http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt

No CVEs have been assigned yet.

-Ben

--- End Message ---

--- Begin Message ---

Source: openafs
Source-Version: 1.8.2-1

We believe that the bug you reported is fixed in the latest version of
openafs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anders Kaseorg <ande...@mit.edu> (supplier of updated openafs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Sep 2018 22:53:43 -0700
Source: openafs
Binary: openafs-client openafs-fuse openafs-fileserver openafs-dbserver 
openafs-doc openafs-krb5 libkopenafs2 libafsauthent2 libafsrpc2 libopenafs-dev 
openafs-modules-source openafs-modules-dkms
Architecture: source
Version: 1.8.2-1
Distribution: unstable
Urgency: high
Maintainer: Benjamin Kaduk <ka...@mit.edu>
Changed-By: Anders Kaseorg <ande...@mit.edu>
Description:
 libafsauthent2 - AFS distributed file system runtime library (authentication)
 libafsrpc2 - AFS distributed file system runtime library (RPC layer)
 libkopenafs2 - AFS distributed file system runtime library (PAGs)
 libopenafs-dev - AFS distributed filesystem development libraries
 openafs-client - AFS distributed filesystem client support
 openafs-dbserver - AFS distributed filesystem database server
 openafs-doc - AFS distributed filesystem documentation
 openafs-fileserver - AFS distributed filesystem file server
 openafs-fuse - AFS distributed file system experimental FUSE client
 openafs-krb5 - AFS distributed filesystem Kerberos 5 integration
 openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source
 openafs-modules-source - AFS distributed filesystem kernel module source
Closes: 908616
Changes:
 openafs (1.8.2-1) unstable; urgency=high
 .
   * New upstream release 1.8.1.1:
     - Support Linux 4.18.
   * New upstream security release 1.8.2 (Closes: #908616):
     - Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
       (CVE-2018-16947).
     - Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
       (CVE-2018-16948).
     - Fix OPENAFS-SA-2018-003: denial of service due to excess resource
       consumption (CVE-2018-16949).
Checksums-Sha1:
 13493550588c28a6ea084bef287a264aed246893 3455 openafs_1.8.2-1.dsc
 1a9372ce6fde9af18b2a77c7d45a40a2e801b9e5 6742532 openafs_1.8.2.orig.tar.xz
 ea7cbf795f7454eccf659bb1efc46e40537d4e75 138436 openafs_1.8.2-1.debian.tar.xz
 5fdfb8386f2765ddf38199f695086faf8211b286 8852 openafs_1.8.2-1_source.buildinfo
Checksums-Sha256:
 3e886cf1c1158d399c579497f97e0134b45c41977ed464a2b18e129b65519292 3455 
openafs_1.8.2-1.dsc
 e1a464152ccb05f75fe9be577a40177c1f7a7ffb2a56c53fa4e8a349b1983d1f 6742532 
openafs_1.8.2.orig.tar.xz
 2e32b25494c99c396a252749e6b28a83ca34173b99c2df80d9122bd6f569c134 138436 
openafs_1.8.2-1.debian.tar.xz
 825d75c108daf83491ee8394d4e70c3ca93f7667816a435044b4c49f625eeae6 8852 
openafs_1.8.2-1_source.buildinfo
Files:
 2bf2a0dbec31d6bf5dc46be1218f2439 3455 net optional openafs_1.8.2-1.dsc
 28940368b1572eba2dcd40109b77ac9e 6742532 net optional openafs_1.8.2.orig.tar.xz
 d27b75728f5a2740e27d0df2f147eeb2 138436 net optional 
openafs_1.8.2-1.debian.tar.xz
 09bcf6e16a89defd4e50b28b44318aac 8852 net optional 
openafs_1.8.2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEajxn1/ARkAzFOSSL3/OrN08W9zoFAluYwaUACgkQ3/OrN08W
9zqYZQwAhhDoPVOR4JmYSZr5C3OygFjf2+paKdlqCv0hGj/WPX9kvGElR+JMfnFN
9ROlxf+t6iY5ejpgrGRy+zxKgBioA25GxJ7JZH0fV5grEQuWVifhvFU4jNF9abph
ewAXtkYVGx4W+KRR6m5WBEtmQ0/k22zgnLCGY691P+gPfmY/p0j9EM2+SiGRtGQG
xrcCr25e3dF7OM4vvFfUPpvu49CNGQMH5vRAHncuExISVjsL6yQ3jUu08Z9odxaF
9vxXizwh9uG2lSBENkE76VHZZFMv3Az1/DK5y6rdN3z9pBwqAOj8zMUxcOyFH9CR
oZMD67zR18fgZUc2bZ4MIrtGz1QCI+3VSDVJUTLdts9+3QivBOKPSvLJa6m3ASQZ
Ch+2PdHozWuqJTKWJKZGZiJvxZZKQO+fOish9DdEiVZT5FxEIOdPStcCxVmd0lkK
fJDjpj/sWOcgonw4X9lSONfN/zXxQPTLsP/eSqvWBbUYoz//d1dXkPyg85K0BXFL
UwfDb2S8
=XDz+
-----END PGP SIGNATURE-----

--- End Message ---