Bug#185508: this still needs to be fixed in "stable"
At 22 Mar 2003 13:17:26 -0800,
Kevin Buhr wrote:
> I can't see another open bug that covers this, so this should stay
> open until a fixed "stable" version is released, shouldn't it?
Yes, it should be open. I noticed it after duploading, before it was closed.
The security team has already been working on the stable version.
> GOTO Masanori's "glibc23-cert-rpcxdr.dpatch" should apply with only a
> bit of fuzz. The only problem I encountered when rebuilding a patched
> 2.2.5-11.2 myself was a crashing test program documented in bug
> 173486, and I've submitted a patch under that bug report.
> Is there some reason Debian is observing total radio silence on this
> bug? The CERT advisory came out Tuesday, and RedHat had their fix out
> on Wednesday. There's no obvious difficulty applying the patches
> given by the CERT advisory. What's up? I don't believe there's a
> proven remote root exploit, but sheesh, isn't it likely there's at
> least a DOS attack against any Debian machine running the "portmap"
> daemon (i.e., most Debian installations)?
Contact the security team. They are putting in a lot of effort.