Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
On 01/05/13 11:14, Christoph Egger wrote:
> [...] As it is too late for wheezy r0 it seems we'll
> need to go through either security or stable-updates for wheezy
Yes, we need to fix it in sid anyway. I think this (in kfreebsd-9)
merits a DSA and the fix made available via security.d.o as soon as
possible after release, for users who install wheezy r0. Then it would
automatically enter the proposed-updates queue for r1.
For kfreebsd-8, the vulnerable code is present but not normally enabled,
so we may want to address it in wheezy with a stable update only.
For squeeze, I think the 8.1 kernel also has the vulnerable code, but
NFS wasn't even supported in that release.
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Reply to: