Bug#908616: marked as done (OpenAFS security release)

[Debian Bug Tracking System]

Your message dated Tue, 02 Oct 2018 06:06:29 +0000
with message-id <e1g7dpf-0001od...@fasolo.debian.org>
and subject line Bug#908616: fixed in openafs 1.6.20-2+deb9u2
has caused the Debian Bug report #908616,
regarding OpenAFS security release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
908616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: openafs
Version: 1.6.9-2+deb8u7
Tags: security
Severity: serious

OpenAFS upstream released security releases 1.6.23 and 1.8.2 today, fixing:
http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt

No CVEs have been assigned yet.

-Ben

--- End Message ---

--- Begin Message ---

Source: openafs
Source-Version: 1.6.20-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
openafs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated openafs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Sep 2018 21:06:09 +0200
Source: openafs
Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver 
openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1 
libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms 
libpam-openafs-kaserver
Architecture: source
Version: 1.6.20-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Benjamin Kaduk <ka...@mit.edu>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 908616
Description: 
 libafsauthent1 - AFS distributed file system runtime library (authentication)
 libafsrpc1 - AFS distributed file system runtime library (RPC layer)
 libkopenafs1 - AFS distributed file system runtime library (PAGs)
 libopenafs-dev - AFS distributed filesystem development libraries
 libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module
 openafs-client - AFS distributed filesystem client support
 openafs-dbserver - AFS distributed filesystem database server
 openafs-doc - AFS distributed filesystem documentation
 openafs-fileserver - AFS distributed filesystem file server
 openafs-fuse - AFS distributed file system experimental FUSE client
 openafs-kpasswd - AFS distributed filesystem old password changing
 openafs-krb5 - AFS distributed filesystem Kerberos 5 integration
 openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source
 openafs-modules-source - AFS distributed filesystem kernel module source
Changes:
 openafs (1.6.20-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Volume-level data replacement via unauthenticated butc connections
     (CVE-2018-16947) (Closes: #908616)
   * Information leakage from uninitialized RPC output variables
     (CVE-2018-16948) (Closes: #908616)
   * Denial of service due to excess resource consumption (CVE-2018-16949)
     (Closes: #908616)
Checksums-Sha1: 
 72ddecd763724698e91bea1db332c7dde4c823dd 4049 openafs_1.6.20-2+deb9u2.dsc
 440f93287c5eb88649532504a26b8d0fbea716ee 153260 
openafs_1.6.20-2+deb9u2.debian.tar.xz
Checksums-Sha256: 
 9a5ddfecce5a6b2c5b7f849baa3d7cd634c6f4389b27cafb52106e533fbece44 4049 
openafs_1.6.20-2+deb9u2.dsc
 e43e6c8d589493de136a319731d425c51a01b981ca5ed44e9f36073d2e5a8b9a 153260 
openafs_1.6.20-2+deb9u2.debian.tar.xz
Files: 
 c6e04c222acdece498c2bfb48c37509d 4049 net optional openafs_1.6.20-2+deb9u2.dsc
 70b9b174205490105ffab0940ec2ad66 153260 net optional 
openafs_1.6.20-2+deb9u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlulSfVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6S8P+QFT9YEKDwuKQ6AuIWVdUwbAonA9t5uo
UwXOYYw9mGk4A0E/DzHyGYOQwyGt/s8ufBy09qfIz+oiTH/yRzuebnJgwqAqveQK
vtBUcm4hXsikMrMrt6bAHEtNjXVgGRafeBswB6EXu2ZChS8M89vEYLKGS/uWlATk
S9FMhUkq7wiUSbDbhCalFJ3rKFHgU72G70CHHEK9hEU9ORsu0WscUhetdrT3MEHu
hAjAb3ADtPXQpxBsLTaM0WoTQmQOExLX8KuWpuvwa6RfUKhLvJ2bJUeYrt846m7B
h37NKNSZmEqwXE2thHOLTvVIUeuMR4O/34gQRJs9IGQMP91OOWZP3wvs/Fo3BBs6
/e7PVpqBaxKVtEv54M0hTnoE4ZBf7Zkzq7XxdB04VHqHo8AagKljzpO/5ud9r6Au
Q6LNz0jMNVBdMlTmXAE0birItCZbXuDiJD5KZsGAe+0/6BDLhVVvDCIB0f56SZvF
roGJfKvZZ8jPm4GvK4IdhXX0r1IRS8nG6NBqJb+B315tF4ntLmgCpFtKEFIh0Nf5
Igi0OAvMie28g7jMJgQohuhRKaYIA9nTAn0uYSTOAPaOYlt6i+yAW8gfptsm0IVq
/irDrwmk7vkpnbVJjbxYwIKUrujdJpHxQeUm0J3RRw131iP4pWlzzWHfcmsuBK/i
2RFn8Nh8KmcL
=okna
-----END PGP SIGNATURE-----

--- End Message ---