Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 24 Jun 2020 10:20:47 +0200 Source: nfs-utils Architecture: source Version: 1:1.3.4-2.1+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian kernel team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 940848 Changes: nfs-utils (1:1.3.4-2.1+deb9u1) stretch; urgency=medium . * statd: take user-id from /var/lib/nfs/sm (CVE-2019-3689) (Closes: #940848) * Don't make /var/lib/nfs owned by statd. Only sm and sm.bak need to be accessible by statd or sm-notify after they drop privileges. * debian/control: Point Vcs URLs to kernel-team namespace repository Checksums-Sha1: aee11cb683794ee84198dba94fb81d12fcc2cd5b 2530 nfs-utils_1.3.4-2.1+deb9u1.dsc 93f8fcaf81ccc5b4e05bb0582d01a8e0f2b1ac97 42088 nfs-utils_1.3.4-2.1+deb9u1.debian.tar.bz2 d8e87755c116c91a575859e2cca3a8910611cb1d 6389 nfs-utils_1.3.4-2.1+deb9u1_source.buildinfo Checksums-Sha256: 6dd02e66073346ccc06903269e6ed9d80492b782bd13bdd627235935396bf801 2530 nfs-utils_1.3.4-2.1+deb9u1.dsc abae375c7e75efdec5ea60c7dff494aa07fe73070b6e0b2b0d712d36016af2c0 42088 nfs-utils_1.3.4-2.1+deb9u1.debian.tar.bz2 0ee19f3e8b209c22f492b0c3effb30ed1b3893f5f2486fa637284de191d07586 6389 nfs-utils_1.3.4-2.1+deb9u1_source.buildinfo Files: 6acbd85e0a808a4b757f63e81ddcac54 2530 net standard nfs-utils_1.3.4-2.1+deb9u1.dsc ad3cd9a7ba168668933dc4dd3e8597e7 42088 net standard nfs-utils_1.3.4-2.1+deb9u1.debian.tar.bz2 21f5abc9a9fef86c039f6fadfed73f36 6389 net standard nfs-utils_1.3.4-2.1+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl787dlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EF60QAIPcNEAhpX+LdGekLUx4vi19Ux/Flmu6 YojoEcpi6stkc5KCZDo+LQ0R6SXasirWrhm4uNmGZNp9HU4i2suLW22pPljiaPXR XNkRf9V+MwGNbvLTxrlr132Vi4LvpayoC//+2CyRnpXJsOv+q30q61c6MEGj9Gdx QqkDm9qB0lQqxle8PqQAbj97fiXxCY5BfA7CK6jm0UqIegMKn40aXA06gpxVQzzn pub+DR+Cy5N6do1GNle9K8zC/TEhoE3Rmv1lL5sB+xI62H1O8R7U3Z/tdOsb9EAv eYXE6FhaetO4SrGffYPMl2SKa3IPm0eI0v8k55zwLs6oMr2Jgp2+DIp85jllN8j3 7UmtfT5jz+HwAwpJn04tvWviGL+OeSrIiYSj3Rm/v/TjEDCImU54n4dfgwAQp0/g igYsjOiXbqPoHhzy54DrUTKCxHNW1Mm2YSCO8F3xWXsePMm+jFYwXf5PdY1AhJaC sObPn6lv+fnBA/0LLYm8YM7MqYp5m6PuPCl4y9HTGTq9b+vA9fqeMARtcp+/4wSG EiYCIpgVDCo7ELYPt/2wWKchxnGCYXoHkvGHqFYweWbbC09Jjo2a7P8Bcm1jOtgc gQZ0ZshvhUt2W1hjbMD3Zbuons58I73DqKGHpOlzamCEiI44mgGdR5IbyAQh5ORM tyoYqJCr9vp5 =m7Bj -----END PGP SIGNATURE----- Thank you for your contribution to Debian.