Bug#613312: kfreebsd: denial-of-service

To: Petr Salinger <Petr.Salinger@seznam.cz>
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>, 613312@bugs.debian.org, control@bugs.debian.org
Subject: Bug#613312: kfreebsd: denial-of-service
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 15 Feb 2011 17:56:17 +0100
Message-id: <[🔎] 20110215165616.GB28076@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 613312@bugs.debian.org
In-reply-to: <[🔎] alpine.LRH.2.02.1102140803510.6148@sci.felk.cvut.cz>
References: <[🔎] 20110213193254.98ecc3c5.michael.s.gilbert@gmail.com> <[🔎] alpine.LRH.2.02.1102140803510.6148@sci.felk.cvut.cz>

On Mon, Feb 14, 2011 at 08:15:43AM +0100, Petr Salinger wrote:
> forcemerge 613312 611476
> --
>> a denial-of-service has been posted for freebsd [0]. i don't have time
>> to verify whether any of the claims actually affect debian.  please
>> check the kfreebsd package.
>>
>> [0] http://www.exploit-db.com/exploits/16064/
>
> It affects us, we already care about it in #611476.
> The tested patch is scheduled (not-yet-uploaded) in our squeeze branch
>
> http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/
>
> http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/debian/patches/000_tcp_usrreq.diff
>
> Please decide, whether fix should go via security.d.o or can wait for point update.

A point update is sufficient. IIRC FreeBSD itself doesn't treat local
denial of service as security issues.

Cheers,
        Moritz

Reply to:

References:
- Bug#613312: kfreebsd: denial-of-service
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Bug#613312: kfreebsd: denial-of-service
  - From: Petr Salinger <Petr.Salinger@seznam.cz>

Prev by Date: Re: xorg-server/*bsd: moving from hal support to devd support?
Next by Date: Re: xorg-server/*bsd: moving from hal support to devd support?
Previous by thread: Bug#613312: kfreebsd: denial-of-service
Next by thread: Bug#613312: marked as done (kfreebsd: denial-of-service)
Index(es):
- Date
- Thread