Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: pu

Hello,

I'd like to propose an upgrade of xinetd.

There is a security bug, not so severe, CVE-2013-4342, handled in #324678.

However, the bug is closed only in unstable. The version in stable is different, so the patch needs to be applied to that version too.

The patch is quite trivial. I attach the one I used in unstable; the one needed in stable needs to be applied to a different line.

Do you think it is a good idea to upgrade it?

If you agree, Salvatore Bonaccorso offered to sponsor the upload.

Bye

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11.2a (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Description: can set uid for tcpmux This patch fixes CVE-2013-4342, by allowing TCPMUX to be used under a different user. Origin: other, https://github.com/xinetd-org/xinetd/pull/10/files Reviewed-By: Salvo 'LtWorf' Tomaselli <[email protected]> . xinetd (1:2.3.15-2) unstable; urgency=high . * Fix CVE-2013-4342 making TCPMUX services change the uid. (Closes: #324678) Author: https://github.com/octurite Bug-Debian: http://bugs.debian.org/324678 Last-Update: 2013-10-03 --- xinetd-2.3.15.orig/xinetd/builtins.c +++ xinetd-2.3.15/xinetd/builtins.c @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct if( SC_IS_INTERNAL( scp ) ) { SC_INTERNAL(scp, nserp); } else { - exec_server(nserp); + child_process(nserp); } }
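
Review bot: In the else branch of tcpmux_handler, the swap from exec_server(nserp) to child_process(nserp) has no comment saying that the point is to have the service's configured uid applied before the server is executed, which per the description is the entire CVE-2013-4342 fix. A one-line comment at the call site would keep a later cleanup from reverting it to the direct exec. The description should also state whether child_process() changes anything else for non-internal TCPMUX services compared with exec_server(), since the hunk shows only the call swap. Because the stable backport is said to land on a different line, it is worth confirming that the rebased hunk still touches this same non-internal branch and not the SC_INTERNAL path.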

