Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Steven Chamberlain <steven@pyro.eu.org>, Christoph Egger <christoph@debian.org>, "debian-bsd\@lists.debian.org" <debian-bsd@lists.debian.org>, team@security.debian.org
Subject: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 24 May 2013 23:05:28 +0200
Message-id: <[🔎] 877gio84x3.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 1369427656.18864.12.camel@jacala.jungle.funky-badger.org> (Adam D. Barratt's message of "Fri, 24 May 2013 21:34:16 +0100")
References: <517EEA4B.2090302@pyro.eu.org> <517EF9CC.90408@pyro.eu.org> <[🔎] 8761z357o7.fsf@hepworth.siccegge.de> <[🔎] 87ip32aprp.fsf@mid.deneb.enyo.de> <[🔎] 87ip324ya3.fsf@hepworth.siccegge.de> <[🔎] 8738u695l1.fsf@mid.deneb.enyo.de> <[🔎] 874nem4w8t.fsf@hepworth.siccegge.de> <[🔎] 519BE5E2.5060305@pyro.eu.org> <[🔎] 87fvxeg8eu.fsf@mid.deneb.enyo.de> <[🔎] 519FC91A.6050000@pyro.eu.org> <[🔎] 871u8w9lkj.fsf@mid.deneb.enyo.de> <[🔎] 1369427656.18864.12.camel@jacala.jungle.funky-badger.org>

* Adam D. Barratt:

> On Fri, 2013-05-24 at 22:20 +0200, Florian Weimer wrote:
>> * Steven Chamberlain:
>> > I notice a problem though when this was (I think - I'm unsure of the
>> > security team's processes here) copied to the main archive, probably so
>> > that it can be included in stable-proposed-updates:
>> 
>> Thanks for noticing.
> [...]
>> Could you contact ftpmaster and/or the stable release managers about
>> this?  I don't think we can do anything about it on the security side.
>
> We (SRM) can't; we don't have any particular access to the upload
> queues and none to security.d.o.

I still have access to the original .changes files.  If you think that
uploading again would fix things, I can try that.  I'd be surprised if
resolving this were so simple, though. 8-/

Reply to:

Follow-Ups:
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Christoph Egger <christoph@debian.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Christoph Egger <christoph@christoph-egger.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Christoph Egger <christoph@debian.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
Next by Date: Processing of kfreebsd-9_9.0-10+deb70.1_kfreebsd-amd64.changes
Previous by thread: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
Next by thread: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
Index(es):
- Date
- Thread