Re: sing stable update for CVE-2007-6211
On Sun, Dec 30, 2007 at 04:22:52PM +0100, Nico Golde wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for sing some time ago.
> | Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users
> | to append to arbitrary files and gain privileges via the -L (output
> | log file) option. NOTE: this issue is only a vulnerability in limited
> | environments, since sing is not installed setuid, and the
> | administrator would need to override a non-setuid default during
> | installation.
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> However it would be nice if this could get fixed via a regular point update.
> Please contact the release time for this.
> This is an automatically generated mail, in case you are already working on an
> upgrade this is of course pointless.
> You can see the status of this vulnerability on:
> For further information:
>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6211
>  http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
Hi Nico and -release,
I prepared packages for both Etch and Sarge (stable and oldstable) and
I'm ready to upload them. Please, SRMs, let me know if it's ok to do so.
Sorry it took me sometime, but my limited BW makes it hard to build
sarge or etch envs.
p.s. Please Cc: me, not subscribed to the list.
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3