Merge from debian package.
    - CVE-2011-0430: update ticket5 from heimdal. Avoids a double-free which
    basically allows an arbitrary attack against any krb5-aware Rx service by
    exploiting when the double-free occurs in asn1 payloads which came from the
    wire.
    - CVE-2011-0431: Use correct type of error in flock code.

Got the diff originally from Debian. I've compared the diffs of
"openafs_1.4.12.1+dfsg-4.diff.gz" and "openafs_1.4.12.1+dfsg-3.diff.gz".

Tried to manually patch "openafs-1.4.12+dfsg"-source with the patch and all 
changes were applied successfully.
Tried to build .deb package with pbuilder and it was built without problems.
No testing other than to build the package has been performed.

This debdiff takes the CVE-related changes from the Debian package
"openafs_1.4.12.1+dfsg-4" and applies them to Ubuntu's "openafs-1.4.12+dfsg".

One note: I did not succeed in setting the "XSBC-Original-Maintainer" field in
debian/control. I left the maintainer field untouched. Hope this is ok with you.
---
Christian

** Patch added: "Solves CVE-2011-0430 and CVE-2011-0431."
   https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/723121/+attachment/2291867/+files/openafs_1.4.12%2Bdfsg-3build2.debdiff

** Changed in: openafs (Ubuntu Lucid)
       Status: Incomplete => New

https://bugs.launchpad.net/bugs/723121

Title:
  Security bugs "DSA-2168-1 openafs -- several vulnerabilities"
