At 22 Mar 2003 13:17:26 -0800, Kevin Buhr wrote: > I can't see another open bug that covers this, so this should stay > open until a fixed "stable" version is released, shouldn't it?
Yes, it should be opened. I noticed it after duploading before closed. Security team have been already working for the stable version. > GOTO Masanori's "glibc23-cert-rpcxdr.dpatch" should apply with only a > bit of fuzz. The only problem I encountered when rebuilding a patched > 2.2.5-11.2 myself was a crashing test program documented in bug > 173486, and I've submitted a patch under that bug report. > > Is there some reason Debian is observing total radio silence on this > bug? The CERT advisory came out Tuesday, and RedHat had their fix out > on Wednesday. There's no obvious difficulty applying the patches > given by the CERT advisory. What's up? I don't believe there's a > proven remote root exploit, but sheesh, isn't it likely there's at > least a DOS attack against any Debian machine running the "portmap" > daemon (i.e., most Debian installations)? Contact to the security team. They effort a lot. -- gotom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
