
Bug#185508: this still needs to be fixed in "stable"

At 22 Mar 2003 13:17:26 -0800,
Kevin Buhr wrote:
> I can't see another open bug that covers this, so this should stay
> open until a fixed "stable" version is released, shouldn't it?

Yes, it should be opened.  I noticed it after duploading before closed.
The security team has already been working on the stable version.

> GOTO Masanori's "glibc23-cert-rpcxdr.dpatch" should apply with only a
> bit of fuzz.  The only problem I encountered when rebuilding a patched
> 2.2.5-11.2 myself was a crashing test program documented in bug
> 173486, and I've submitted a patch under that bug report.
> Is there some reason Debian is observing total radio silence on this
> bug?  The CERT advisory came out Tuesday, and RedHat had their fix out
> on Wednesday.  There's no obvious difficulty applying the patches
> given by the CERT advisory.  What's up?  I don't believe there's a
> proven remote root exploit, but sheesh, isn't it likely there's at
> least a DOS attack against any Debian machine running the "portmap"
> daemon (i.e., most Debian installations)?

Contact the security team.  They are putting in a lot of effort.

-- gotom
