Your message dated Sun, 28 Jul 2013 18:49:56 +0200 with message-id <CAOfDtXMgFQSA18r2C_q0e6+bDpcTNCiZq5s0Ytrdj4Hrmybuvg@mail.gmail.com> and subject line fixed in stable/9 has caused the Debian Bug report #717958, regarding kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 717958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717958 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
- From: Steven Chamberlain <steven@pyro.eu.org>
- Date: Sat, 27 Jul 2013 11:43:52 +0100
- Message-id: <[🔎] 51F3A468.2030604@pyro.eu.org>
Package: src:kfreebsd-9 Version: 9.0-10+deb70.2 Severity: grave Tags: security upstream Control: found -1 kfreebsd-9/9.0~svn223109-0.1 The FreeBSD NFS server implementation applies the wrong group credentials (supplied by the client) to an authenticated NFS session in specific configurations (exports defined using -mapall or -maproot with -network or -host). http://security.FreeBSD.org/advisories/FreeBSD-SA-13:08.nfsserver.asc This was fixed in kfreebsd-10 since r244226, but the security implications for kfreebsd-9 and kfreebsd-8 have just been realised. -- System Information: Debian Release: 7.1 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: kfreebsd-amd64 (x86_64) Kernel: kFreeBSD 9.0-2-amd64-xenhvm Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages kfreebsd-image-9.0-2-amd64-xenhvm depends on: ii devd 9.0+ds1-11~deb7u1 ii freebsd-utils 9.0+ds1-11~deb7u1 ii kbdcontrol 9.0+ds1-11~deb7u1 ii kldutils 9.0+ds1-11~deb7u1 kfreebsd-image-9.0-2-amd64-xenhvm recommends no packages. kfreebsd-image-9.0-2-amd64-xenhvm suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---
- To: 717958-done@bugs.debian.org
- Subject: fixed in stable/9
- From: Robert Millan <rmh@debian.org>
- Date: Sun, 28 Jul 2013 18:49:56 +0200
- Message-id: <CAOfDtXMgFQSA18r2C_q0e6+bDpcTNCiZq5s0Ytrdj4Hrmybuvg@mail.gmail.com>
Version: 9.2~svn244772 -- Robert Millan
--- End Message ---