Bug#613311: marked as done (kfreebsd: kernel leak)
Your message dated Mon, 14 Feb 2011 08:03:46 +0100 (CET)
with message-id <alpine.LRH.2.02.1102140750250.6148@sci.felk.cvut.cz>
and subject line Re: Bug#613311: kfreebsd: kernel leak
has caused the Debian Bug report #613311,
regarding kfreebsd: kernel leak
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
613311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613311
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: kfreebsd-8
version: 8.1+dfsg-7.1
severity: important
tags: security
an exploit has been posted for freebsd using a kernel leak and their
ftpd [0]. it's against an ancient version of freebsd (5.3), so it may
not affect newer versions. i don't have time to verify whether any of
the claims actually affect the debian kfreebsd. i would suggest
discussing this with upstream.
best wishes,
mike
[0] http://www.exploit-db.com/exploits/16119/
--- End Message ---
--- Begin Message ---
an exploit has been posted for freebsd using a kernel leak and their
ftpd [0]. it's against an ancient version of freebsd (5.3), so it may
not affect newer versions. i don't have time to verify whether any of
the claims actually affect the debian kfreebsd. i would suggest
discussing this with upstream.
[0] http://www.exploit-db.com/exploits/16119/
The description clearly references to FreeBSD-SA-05:02.sendfile [1],
It is fixed in 5.4 and later releases.
Petr
[1] http://security.freebsd.org/advisories/FreeBSD-SA-05:02.sendfile.asc
--- End Message ---
Reply to: