On Sun, Oct 19, 2008 at 10:20:01AM +0000, Aníbal Monsalve Salazar wrote: > On Sun, Oct 19, 2008 at 04:14:56PM +1100, Anibal Monsalve Salazar wrote: > >Please consider preapproving nfs-utils/1:1.1.2-6lenny1 to fix > >CVE-2008-4552. > > > >http://bugs.debian.org/502680 > >http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552 > >https://bugzilla.redhat.com/show_bug.cgi?id=458676 > > > >Changes: > > nfs-utils (1:1.1.2-6lenny1) testing-proposed-updates; urgency=high > > . > > * Fix CVE-2008-4552 > > nfs-utils 1.1.2, and possibly other versions before 1.1.3, invokes the > > host_ctl function with the wrong order of arguments, which causes TCP > > Wrappers to ignore netgroups and allows remote attackers to bypass > > intended access restrictions. > > Closes: #502680 > > The change is very minimal. looks fine, please upload and ping us again. -- ·O· Pierre Habouzit ··O madcoder@debian.org OOO http://www.madism.org
Attachment:
pgptRoY5SdYap.pgp
Description: PGP signature