[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: klibc 1.5.20 stable/oldstable update

On Wed, 2011-05-18 at 15:41 +0000, maximilian attems wrote:
> * [klibc] ipconfig: comment new escape function
>   security fix for CVE-2011-0997 type vulnerability
>   corresponding cve requested but not yet given out.
> http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff

As mentioned on oss-sec, it would be nice if this didn't write to a
predictable filename.  From the stable update point-of-view though, I
realise that's not a regression relative to the current lenny / squeeze

> * [klibc] ipconfig: Only peek and discard packets from specified device.
>   This fixes netbooting on boxes with several connected network dev.
>   (the commit is on the largeish size, but got tested together with 1.5.20)
> http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=92823d1a78a8a6f3e7a7cc36f949ca6379c4e77c
> concerning oldstable only the first one should be fixed.
> ipconfig has deeper troubles there.
> if acked by SRM I'd upload a klibc-1.5.20-2 with just the 2 aboves fixes
> for stable and a 1.5.12-3 for oldstable with just the first fix?

It's conventional to use e.g. -1+squeeze1, but afaics the above versions
have not been previously uploaded to Debian so could be used if you

I'd appreciate debdiffs for a final check before the uploads, but the
above sounds good; thanks.



Reply to: