Re: klibc 1.5.20 stable/oldstable update

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, team@security.debian.org
Cc: debian-release@lists.debian.org
Subject: Re: klibc 1.5.20 stable/oldstable update
From: maximilian attems <max@stro.at>
Date: Wed, 18 May 2011 20:53:49 +0000
Message-id: <[🔎] 20110518205349.GQ17786@vostochny.stro.at>
In-reply-to: <[🔎] 1305750327.3964.779.camel@hathi.jungle.funky-badger.org>
References: <[🔎] 20110518154150.GN17786@vostochny.stro.at> <[🔎] 1305750327.3964.779.camel@hathi.jungle.funky-badger.org>

On Wed, May 18, 2011 at 09:25:27PM +0100, Adam D. Barratt wrote:
> On Wed, 2011-05-18 at 15:41 +0000, maximilian attems wrote:
> > 2 commits of klibc 1.5.22 are candidates for stable fixes:
> > 
> > * [klibc] ipconfig: comment new escape function
> >   security fix for CVE-2011-0997 type vulnerability
> >   corresponding cve requested but not yet given out.
> > http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff
> 
> Thanks for working on fixing this in stable.  Have you confirmed with
> the security team that they don't wish to handle this via a DSA as for
> CVE-2011-0997 itself?

I had only shortly spoken with dannf when fix was not yet at the hand.
he had pointed out that maintainer could upload for "minor" security.
ipconfig in contrare to dhclient is mostly used for netbooting so
rogue dhcpd is only more likely if you mix a live boot system in the equation.

thank you for reviewing the proposed fixes.

-- 
maks

ps adding security team on recipient list.

Reply to:

References:
- klibc 1.5.20 stable/oldstable update
  - From: maximilian attems <max@stro.at>
- Re: klibc 1.5.20 stable/oldstable update
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: klibc 1.5.20 stable/oldstable update
Next by Date: Bug#624637: transition: libquicktime
Previous by thread: Re: klibc 1.5.20 stable/oldstable update
Next by thread: Re: klibc 1.5.20 stable/oldstable update
Index(es):
- Date
- Thread