[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SRM] Stable update for libpcap


On Sun, 2011-07-10 at 19:57 +0200, Romain Francoise wrote:
> I'd like to upload the following update for libpcap in squeeze, it
> addresses two bugs:

Thanks for working on this, and sorry for the slight delay in getting
back to you.

> - #612803: device detection is broken if the bonding module is loaded
>   because it creates an extra file in /sys/class/net, the upstream fix is
>   used verbatim.

I debated this one given the low severity of the bug and that it only
appears to cause issues under a small set of circumstances.  However,
the patch is small and obvious enough and I'd be happy to accept it in
an upload fixing the security issue.

> - #623868 (aka CVE-2011-1935): a security issue that was not serious
>   enough to warrant a DSA. The patch is the result of several upstream
>   commits that were backported to libpcap 1.1.1.

So far as I can see from the diff and reading the log for #623868, this
also includes changes related to #625443; is that correct?  The bug log
there mentions that the problem only occurs with libpcap 1.1.1-4,
whereas squeeze has 1.1.1-2 - is the log incorrect, or does #625443 not
actually affect stable?



Reply to: