
Bug#185508: this still needs to be fixed in "stable"



reopen 185508
thanks

I can't see another open bug that covers this, so this should stay
open until a fixed "stable" version is released, shouldn't it?

GOTO Masanori's "glibc23-cert-rpcxdr.dpatch" should apply with only a
bit of fuzz.  The only problem I encountered when rebuilding a patched
2.2.5-11.2 myself was a crashing test program documented in bug
173486, and I've submitted a patch under that bug report.

Is there some reason Debian is observing total radio silence on this
bug?  The CERT advisory came out Tuesday, and RedHat had their fix out
on Wednesday.  There's no obvious difficulty applying the patches
given by the CERT advisory.  What's up?  I don't believe there's a
proven remote root exploit, but sheesh, isn't it likely there's at
least a DOS attack against any Debian machine running the "portmap"
daemon (i.e., most Debian installations)?

Our response so far has been to upload a fix for the *unstable*
version and close the bug!  (No offence intended to Masanori.)

-- 
Kevin Buhr <buhr@telus.net>


