Hi release team,

please unblock rsyslog 3.18.6-1.

It contains an important security fix, which is reported as Debian bug [1].
Further information regarding the security issue can be found at Secunia [2] and
upstream [3]. The complete upstream changes between 3.18.5 and 3.18.6 can be
found in the upstream git repository [4].

The Debian changelog is:

rsyslog (3.18.6-1) unstable; urgency=high

  * New upstream bugfix release.
    - Fix "$AllowedSender" security bypass vulnerability. The "$AllowedSender"
      configuration directive was not respected, allowing unrestricted network
      access to the application. Closes: #508027
      No CVE id yet.
  * Urgency high for the security fix.
  * debian/patches/manpage_fixes.patch
    - Fix typos in rsyslogd man page. Closes: #506925
      Thanks to Geoff Simmons for the patch.

 -- Michael Biebl <biebl@debian.org>  Fri, 12 Dec 2008 17:36:02 +0100

Cheers,
Michael

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508027
[2] http://secunia.com/Advisories/32857/
[3] http://www.rsyslog.com/Article322.phtml
[4] http://git.adiscon.com/?p=rsyslog.git;a=commit;h=b0317d31d98b17cd8b9b5d29f438191ac045cd33
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?