Hi Sylvain,
On Mon, Mar 09, 2020 at 11:54:01PM +0100, Sylvain Beucler wrote:
> Upstream commit:
> https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
Thanks for the heads-up on the upstream fix! I commited the fix in our
debian/sid branch. Onc
Upstream commit:
https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
Hi,
Incidentally I contacted SuSE security who agreed that
fs.protected_symlinks is not a valid mitigation
(they will update MITRE).
I also improved the piuparts check:
#!/bin/sh -ex
if [ -e /var/lib/nfs ]; then
ls -ld /var/lib/nfs
ls -ld /var/lib/nfs/sm
if [ "$(dpkg -l | grep ' nfs-c
Hi,
I submitted the following patch to address this issue:
https://salsa.debian.org/debian/nfs-utils/merge_requests/3/diffs
The source part of the fix was also submitted at:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=338
I intend to push it to LTS/ELTS, I can also prepare an upload for
stabl
Hi,
I'm in the Debian LTS/ELTS team and considering an update for this issue.
Do you (package maintainers) intend to address it?
Or would you like a patch?
Cheers!
Sylvain
Source: nfs-utils
Version: 1:1.3.4-2.5
Severity: normal
Tags: security upstream
Hi,
The following vulnerability was published for nfs-utils. Please note
that even thoug the description mentions the SUSE packages in Debian
similarly /var/lib/nfs is used.
CVE-2019-3689[0]:
| The nfs-utils package
6 matches
Mail list logo