Bug#712664: kfreebsd-9: CVE-2013-2171: Privilege escalation via mmap
Hi Steven,
Cc'ing team@security.d.o
On Wed, Jun 19, 2013 at 09:23:49PM +0100, Steven Chamberlain wrote:
> Attached are proposed debdiffs for an upload to wheezy-security, based
> on the version currently in wheezy.
Thanks Steven and Christoph for working on this issue.
> The versioning scheme for the last security upload (with +deb70.$n)
> looks a bit weird to me (and it has lower value than the next changelog
> entry). So I also attach a second debdiff, proposing a different form.
Debdiff should be based on current wheezy(-security) version, so make
the debdiff part for the changelog (i.e. without the unstable
changelog part):
> diff -Nru kfreebsd-9-9.0/debian/changelog kfreebsd-9-9.0/debian/changelog
> --- kfreebsd-9-9.0/debian/changelog 2013-05-01 13:59:20.000000000 +0100
> +++ kfreebsd-9-9.0/debian/changelog 2013-06-19 20:49:15.000000000 +0100
> @@ -1,3 +1,17 @@
> +kfreebsd-9 (9.0-10+deb70.2) wheezy-security; urgency=high
> +
> + * Team upload.
> + * Upload for wheezy-security
> + * Pick SVN 251902 from FreeBSD 9-STABLE to fix SA-13:06 / CVE-2013-2171:
> + Privilege escalation via mmap (Closes: #712664)
> +
> + -- Steven Chamberlain <steven@pyro.eu.org> Wed, 19 Jun 2013 20:36:54 +0100
> +
> kfreebsd-9 (9.0-10+deb70.1) wheezy-security; urgency=high
>
> * Upload for wheezy-security
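Review bot: in the new 9.0-10+deb70.2 entry, the "* Upload for wheezy-security" bullet repeats what the distribution field on the header line already states, so it can be dropped, leaving "Team upload." and the SVN 251902 item as the entry's content. The fix item names the upstream revision, SA-13:06 and CVE-2013-2171, but not the file in the package that carries the change; naming it there would make the security upload easier to audit from the changelog alone.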
[...]
The versioning is indeed a bit ugly (preferred would have been also
for the previous one +deb7uX, and incrementing X, there is a pending
update for dev-ref describing this, see [1]).
[1] http://bugs.debian.org/709218
> Please could someone with the necessary access, open a security.d.o RT
> ticket asking permission to upload whichever one of these, and for a DSA
> to be issued?
Small remark on this one: You also can do that in every case, no
necessary permissions for RT are needed: write a mail to
security@rt.debian.org with subject containing [Debian RT], see [2].
[2] http://wiki.debian.org/rt.debian.org#Security_Team
Regards,
Salvatore