Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver

To: Steven Chamberlain <steven@pyro.eu.org>, debian-bsd@lists.debian.org
Subject: Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
From: Robert Millan <rmh@debian.org>
Date: Wed, 31 Jul 2013 15:19:36 +0200
Message-id: <[🔎] CAOfDtXMvsZ1ZSLjx0+7OS34JsYTtO18mXw+fPPxd1o=fWrbP2g@mail.gmail.com>
In-reply-to: <[🔎] 51F8FA15.1090907@pyro.eu.org>
References: <RT-Ticket-4573@debian.org> <[🔎] 51F3A468.2030604@pyro.eu.org> <[🔎] 51F56DEC.6010006@pyro.eu.org> <rt-4.0.7-8582-1375038967-969.4573-4-0@debian.org> <20130728195907.GA5482@pisco.westfalen.local> <rt-4.0.7-8582-1375041561-50.4573-6-0@debian.org> <[🔎] 51F59DA1.9000109@pyro.eu.org> <CAOfDtXOo6-8=MbBP_Mx7z-kfZ1A=M14iczGit6xDKD0pw=d-aQ@mail.gmail.com> <51F66070.3030606@pyro.eu.org> <[🔎] 51F709B7.2040903@pyro.eu.org> <[🔎] CAOfDtXPmU9N55TyQd8mTy2Ben1Y9=1sS8O8jpyOvJQCBT4o-KQ@mail.gmail.com> <[🔎] 51F8FA15.1090907@pyro.eu.org>

2013/7/31 Steven Chamberlain <steven@pyro.eu.org>:
> On 31/07/13 12:45, Robert Millan wrote:
>>> It probably needs to
>>> end up in a README.Debian at least, plus mentioned in the changelog:
>>
>> Sounds fine too.
>
> I'm not sure how to deploy that file exactly.  Could you please try?
> I'll be a little busy today.

Today I'm very short on time too (and still have to push the gcc -O1
fixes in experimental) :-(

I had a quick look, it seems to me that debian/NEWS would be the most
appropiate (it is displayed by apt-listchanges so it gets a lot more
attention than the changelog). Something like this:

kfreebsd-9 (9.0-10+deb70.3) wheezy-security; urgency=high

  Multiple security issues related to IPv6 have been discovered
(CVE-xxx, CVE-yyy).

  Please refer to README.ipv6 for extensive advice on how they can be mitigated.

 -- Mr IPv6 <ipv6@example.org>  Wed, 31 Jul 2013 13:52:17 +0200

-- 
Robert Millan

Reply to:

References:
- Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Bug#717958: [Debian RT] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
  - From: Robert Millan <rmh@debian.org>
- Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Re: Bug#712633: marked as done (Include freebsd-config into freebsd-buildutils)
Next by Date: Processing of kfreebsd-9_9.2~svn253698-1_kfreebsd-amd64.changes
Previous by thread: Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
Next by thread: Bug#717958: marked as done (kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials)
Index(es):
- Date
- Thread