Re: smb4k CVE-2017-8849

To: Markus Koschany <apo@debian.org>
Cc: Debian Security Team <team@security.debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: smb4k CVE-2017-8849
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sat, 12 Aug 2017 22:40:53 +0200
Message-id: <[🔎] 20170812204053.byrceij5qozme66d@pisco.westfalen.local>
In-reply-to: <3d7e4738-95b5-8ecd-7095-dabe50bb553b@debian.org>
References: <f94d5059-9b34-c1b2-befd-7188683850e2@debian.org> <20170613114737.GA30358@lorien.valinor.li> <20170614105104.humaeu7gkdmkeo4q@neoptolemo.gnuservers.com.ar> <20170615035344.ftmv3bbe7htlt4nv@eldamar.local> <bf6fd6d8-aba8-ea77-e750-216804807eca@debian.org> <3d7e4738-95b5-8ecd-7095-dabe50bb553b@debian.org>

On Wed, Jun 21, 2017 at 06:54:57PM +0200, Markus Koschany wrote:
> Am 15.06.2017 um 18:49 schrieb Markus Koschany:
> [...]
> > Then I suggest we backport the Stretch version of smb4k to Wheezy and
> > Jessie. I have done this a few minutes ago for Wheezy and it was quite
> > painless. It pulls in a new dependency, libqt4-test, but apart from
> > that, mounting and unmounting of shares works as expected.
> > 
> > What do you think?
> 
> Since I haven't heard back from you and it appears that we can't rule
> out that Wheezy/Jessie are affected, I intend to backport the Stretch
> version of smb4k to Wheezy in two days.

But now we have failing upgrades: during an updadt to jessie it would
be held back since the version is lower then in jessie (but still
depends on the old libs).

So we'll need to do the same rebase for jessie, could you prepare
an update?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: smb4k CVE-2017-8849
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection
Next by Date: Re: Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection
Previous by thread: Re: Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection
Next by thread: Re: smb4k CVE-2017-8849
Index(es):
- Date
- Thread