Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server

To: Florian Weimer <fw@deneb.enyo.de>, 706414@bugs.debian.org
Cc: Steven Chamberlain <steven@pyro.eu.org>, Christoph Egger <christoph@debian.org>, "debian-bsd@lists.debian.org" <debian-bsd@lists.debian.org>, team@security.debian.org
Subject: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 24 May 2013 21:34:16 +0100
Message-id: <[🔎] 1369427656.18864.12.camel@jacala.jungle.funky-badger.org>
In-reply-to: <[🔎] 871u8w9lkj.fsf@mid.deneb.enyo.de>
References: <517EEA4B.2090302@pyro.eu.org> <517EF9CC.90408@pyro.eu.org> <[🔎] 8761z357o7.fsf@hepworth.siccegge.de> <[🔎] 87ip32aprp.fsf@mid.deneb.enyo.de> <[🔎] 87ip324ya3.fsf@hepworth.siccegge.de> <[🔎] 8738u695l1.fsf@mid.deneb.enyo.de> <[🔎] 874nem4w8t.fsf@hepworth.siccegge.de> <[🔎] 519BE5E2.5060305@pyro.eu.org> <[🔎] 87fvxeg8eu.fsf@mid.deneb.enyo.de> <[🔎] 519FC91A.6050000@pyro.eu.org> <[🔎] 871u8w9lkj.fsf@mid.deneb.enyo.de>

On Fri, 2013-05-24 at 22:20 +0200, Florian Weimer wrote:
> * Steven Chamberlain:
> > I notice a problem though when this was (I think - I'm unsure of the
> > security team's processes here) copied to the main archive, probably so
> > that it can be included in stable-proposed-updates:
> 
> Thanks for noticing.
[...]
> Could you contact ftpmaster and/or the stable release managers about
> this?  I don't think we can do anything about it on the security side.

We (SRM) can't; we don't have any particular access to the upload queues
and none to security.d.o.

When there have been similar issues in the past, someone from the
security team has re-copied the packages over, but I'm not sure if that
was anything more involved than simply dputting or ftping the files.
I'll see if anyone on IRC can have a look.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Christoph Egger <christoph@debian.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Christoph Egger <christoph@christoph-egger.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Christoph Egger <christoph@debian.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Processing of kfreebsd-9_9.0-10+deb70.1_kfreebsd-amd64.changes
Next by Date: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
Previous by thread: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
Next by thread: Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server
Index(es):
- Date
- Thread