This bug was fixed in the package fuse - 2.9.3-16ubuntu1
---
fuse (2.9.3-16ubuntu1) wily; urgency=low
* Merge from Debian unstable. (LP: #1458397) Remaining changes:
- debian/fuse-udeb.install:
+ Install ulockmgr_server.
- debian/fuse.udev:
+ Don't install the udev rules; we require the fuse module to be
built-in, and mountall/systemd handle mounting /sys/fs/fuse/connections.
* Drop following change, no longer applicable:
- debian/fuse.postinst:
+ Only change the ownership or mode of /etc/fuse.conf
on initial installation.
- Drop the Ubuntu specific way of making fusermount suid root. Using
dpkg-statoverride for this works perfectly well and allows admins to
un-setuid it. [Martin Pitt]
fuse (2.9.3-16) unstable; urgency=high
* Sync with Ubuntu.
* Update Standards-Version to 3.9.6 .
[ Marc Deslauriers marc.deslauri...@ubuntu.com ]
* SECURITY UPDATE: privilege escalation via insecure environment
- debian/patches/CVE-2015-3202.patch: use execle to run external
helpers in lib/mount_util.c, util/mount_util.c.
- CVE-2015-3202 (closes: #786439).
fuse (2.9.3-15) unstable; urgency=low
* Use correct long option for udevadm in postinst (closes: #756582).
fuse (2.9.3-14) unstable; urgency=low
* New maintainer (closes: #756548).
* Add watch file.
fuse (2.9.3-13) unstable; urgency=low
* I don't care anymore, not worth it.. orphaning.
fuse (2.9.3-12) unstable; urgency=low
* Cherry-picking patch from upstream for arm64 (Closes: #752081).
fuse (2.9.3-11) unstable; urgency=low
* Improving fuse.postinst to handle device creation a bit better
(Closes: #743360).
fuse (2.9.3-10) unstable; urgency=low
* Conditionally only trigger udevadm only when /dev/fuse has already
been available (Closes: #745295).
fuse (2.9.3-9) unstable; urgency=low
* Loading fuse module in postinst to cover some edge cases where udev
reloading would fail (Closes: #743360).
fuse (2.9.3-8) unstable; urgency=low
* Building with dh --parallel.
fuse (2.9.3-7) experimental; urgency=low
* Adding patch from Fabrice Bauzac fbau...@amadeus.com to use dlsym()
instead of relying on ld.so constructor functions to load modules
(Closes: #737143).
* Updating year in copyright for 2014.
fuse (2.9.3-6) experimental; urgency=low
* Adding explicit permissions to udev rule for device nodes.
fuse (2.9.3-5) experimental; urgency=low
* Updating to standards version 3.9.5.
* Building with dh-autoreconf (Closes: #732285).
* Dropping fuse group (Closes: #733312).
fuse (2.9.3-4) experimental; urgency=low
* Updating vcs fields.
fuse (2.9.3-3) experimental; urgency=low
* Simplyfing libfuse2 symbols by marking linux-only symbols as linux-
only rather than to ship two different sets for linux and kfreebsd,
thanks to Pino Toscano p...@debian.org (Closes: #717197).
fuse (2.9.3-2) experimental; urgency=low
* Adding vcs fields.
* Wrapping control fields.
* Adding lintian overrides.
fuse (2.9.3-1) experimental; urgency=low
* Merging upstream version 2.9.3.
* Updating year in copyright file.
fuse (2.9.2-9) experimental; urgency=low
* Updating kfreebsd symbols files again.
fuse (2.9.2-8) experimental; urgency=low
* Correcting fuse-dbg package description.
* Harmonizing dpkg-statoverride calls in postinst.
* Excluding package on hurd by explicitly listing linux-any and
kfreebsd-any, it doesn't build on hurd anyway.
* Adding kfreebsd specific symbols file for libfuse2.
fuse (2.9.2-7) experimental; urgency=low
* Creating an udev event rather than reloading udev (Closes: #679930).
* Only creating /dev/fuse with MAKEDEV if it doesn't already exist.
* Clarify manpage that fusermount is used for unmounting only these days
(Closes: #651556).
fuse (2.9.2-6) experimental; urgency=low
* Adding initial symbols file for libfuse, thanks to Pino Toscano
p...@debian.org (Closes: #559473).
fuse (2.9.2-5) experimental; urgency=low
* Including header files in examples (Closes: #626522).
* Prefixing patches with four digits in filenames.
* Trimming diff headers in patches.
-- Artur Rona ari-tc...@ubuntu.com Sun, 24 May 2015 22:59:58 +0200
** Changed in: fuse (Ubuntu)
Status: Fix Committed = Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3202
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1458397
Title:
Merge fuse 2.9.3-16 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/1458397/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs