Bug#185508: this still needs to be fixed in "stable"

To: Kevin Buhr <buhr@telus.net>, 185508@bugs.debian.org
Subject: Bug#185508: this still needs to be fixed in "stable"
From: GOTO Masanori <gotom@debian.or.jp>
Date: Sun, 23 Mar 2003 11:55:29 +0900
Message-id: <[🔎] 8065qalrku.wl@oris.opensource.jp>
Reply-to: GOTO Masanori <gotom@debian.or.jp>, 185508@bugs.debian.org
In-reply-to: <[🔎] 87wuirksnt.fsf@saurus.asaurus.invalid>
References: <[🔎] 87wuirksnt.fsf@saurus.asaurus.invalid>

At 22 Mar 2003 13:17:26 -0800,
Kevin Buhr wrote:
> I can't see another open bug that covers this, so this should stay
> open until a fixed "stable" version is released, shouldn't it?

Yes, it should be opened.  I noticed it after duploading before closed.
Security team have been already working for the stable version.

> GOTO Masanori's "glibc23-cert-rpcxdr.dpatch" should apply with only a
> bit of fuzz.  The only problem I encountered when rebuilding a patched
> 2.2.5-11.2 myself was a crashing test program documented in bug
> 173486, and I've submitted a patch under that bug report.
>
> Is there some reason Debian is observing total radio silence on this
> bug?  The CERT advisory came out Tuesday, and RedHat had their fix out
> on Wednesday.  There's no obvious difficulty applying the patches
> given by the CERT advisory.  What's up?  I don't believe there's a
> proven remote root exploit, but sheesh, isn't it likely there's at
> least a DOS attack against any Debian machine running the "portmap"
> daemon (i.e., most Debian installations)?

Contact to the security team.  They effort a lot.

-- gotom

Reply to:

References:
- Bug#185508: this still needs to be fixed in "stable"
  - From: Kevin Buhr <buhr@telus.net>

Prev by Date: Bug#185933: libc6-dev: sys/io.h disappeared on ppc
Next by Date: Bug#185933: libc6-dev: sys/io.h disappeared on ppc
Previous by thread: Processed: this still needs to be fixed in "stable"
Next by thread: Bug#185924: locale-gen breaks with POSIXLY_CORRECT
Index(es):
- Date
- Thread