Bug#940848: nfs-utils:CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs

To: Sylvain Beucler <beuc@beuc.net>, 940848@bugs.debian.org
Subject: Bug#940848: nfs-utils:CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 10 Mar 2020 11:04:38 +0100
Message-id: <[🔎] 20200310100438.GA14671@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 940848@bugs.debian.org
In-reply-to: <[🔎] 4b02ab6a-b44a-b556-2c21-489159b77653@beuc.net>
References: <156900987685.28528.4626244954931953936.reportbug@eldamar.local> <[🔎] 4b02ab6a-b44a-b556-2c21-489159b77653@beuc.net> <156900987685.28528.4626244954931953936.reportbug@eldamar.local>

Hi Sylvain,

On Mon, Mar 09, 2020 at 11:54:01PM +0100, Sylvain Beucler wrote:
> Upstream commit:
> https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e

Thanks for the heads-up on the upstream fix! I commited the fix in our
debian/sid branch. Once the fix is exposed in unstable we can
cherry-pick it as well for stretch and buster.

Regards,
Salvatore

Reply to:

References:
- Bug#940848: nfs-utils:CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Processed: tagging 940848
Next by Date: Re: libbpf distro packaging
Previous by thread: Bug#940848: nfs-utils:CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs
Next by thread: Bug#945172: firmware: failed to load rtw88/rtw8822b_fw.bin (workaround - correction)
Index(es):
- Date
- Thread