* Aníbal Monsalve Salazar [Mon, 20 Oct 2008 20:56:01 +1100]: > On Sun, Oct 19, 2008 at 08:07:34PM +0200, Pierre Habouzit wrote: > >On Sun, Oct 19, 2008 at 10:20:01AM +0000, Aníbal Monsalve Salazar wrote: > >>On Sun, Oct 19, 2008 at 04:14:56PM +1100, Anibal Monsalve Salazar wrote: > >>>Please consider preapproving nfs-utils/1:1.1.2-6lenny1 to fix > >>>CVE-2008-4552.
> >>>http://bugs.debian.org/502680 > >>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552 > >>>https://bugzilla.redhat.com/show_bug.cgi?id=458676 > >>>Changes: > >>> nfs-utils (1:1.1.2-6lenny1) testing-proposed-updates; urgency=high > >>> . > >>> * Fix CVE-2008-4552 > >>> nfs-utils 1.1.2, and possibly other versions before 1.1.3, invokes the > >>> host_ctl function with the wrong order of arguments, which causes TCP > >>> Wrappers to ignore netgroups and allows remote attackers to bypass > >>> intended access restrictions. > >>> Closes: #502680 > >>The change is very minimal. > >looks fine, please upload and ping us again. > done Thanks, will unblock once it's built on all architectures. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org — Oh, George, you didn't jump into the river. How sensible of you! -- Mrs Banks in “Mary Poppins” -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
