
Bug#690986: CVE-2012-5363 CVE-2012-5365

Control: found -1 8.1+dfsg-8+squeeze4
Control: found -1 8.3-6

(Affected versions in stable and oldstable were not marked as such, so
I'm fixing that now.)

On 03/09/13 12:15, Jonathan Wiltshire wrote:
> Recently you fixed one or more security problems and as a result you closed
> this bug.
> [...] they are now on my radar for fixing in the following suites
> through point releases:

This bug was only closed due to removal of kfreebsd-8 from sid.  Maybe
this report was generated in error because affected versions were not
properly tagged?

No fix is available.  I'd like to keep the security issues 'open' until
someday a mitigation might be introduced in the upstream development
head which could be backported.

Hopefully the note on the PTS about these open issues, the bug in the
BTS, and security tracker data (e.g. via debsecan) are enough to advise
users of these two CVEs.  The issues are DoS-only and IMHO low severity
for most environments.

That said, there are some other outstanding security bugs in kfreebsd-8
we may want to address in a point release...

Steven Chamberlain
