On Wed, 2011-05-18 at 15:41 +0000, maximilian attems wrote:
> * [klibc] ipconfig: comment new escape function
>   security fix for CVE-2011-0997 type vulnerability
>   corresponding cve requested but not yet given out.
>   http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff

As mentioned on oss-sec, it would be nice if this didn't write to a predictable filename. From the stable update point-of-view though, I realise that's not a regression relative to the current lenny / squeeze versions.

> * [klibc] ipconfig: Only peek and discard packets from specified device.
>   This fixes netbooting on boxes with several connected network dev.
>   (the commit is on the largeish size, but got tested together with 1.5.20)
>   http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=92823d1a78a8a6f3e7a7cc36f949ca6379c4e77c
>
>
> concerning oldstable only the first one should be fixed.
> ipconfig has deeper troubles there.
>
> if acked by SRM I'd upload a klibc-1.5.20-2 with just the 2 above fixes
> for stable and a 1.5.12-3 for oldstable with just the first fix?

It's conventional to use e.g. -1+squeeze1, but afaics the above versions have not been previously uploaded to Debian so could be used if you wish.

I'd appreciate debdiffs for a final check before the uploads, but the above sounds good; thanks.

Regards,

Adam

