[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Unblock - libguac 0.6.0-2 (fix for CVE-2012-4415)


Can libguac 0.6.0-2 be allowed into wheezy? It contains a fix for a
security vulnerability
(http://security-tracker.debian.org/tracker/CVE-2012-4415), but is
being blocked because of the freeze.


- Mike

---------- Forwarded message ----------
From: Nico Golde <nico@ngolde.de>
Date: Wed, Sep 12, 2012 at 2:15 AM
Subject: Re: guacd: buffer overflow: local users can execute arbitrary
code as root
To: Michael Jumper <mike.jumper@guac-dev.org>
Cc: Timo Juhani Lindfors <timo.lindfors@iki.fi>, Yaroslav Halchenko
<debian@onerussian.com>, Michael Jumper
<zhangmaike@users.sourceforge.net>, security@debian.org, Paul
Tagliamonte <paultag@gmail.com>

* Michael Jumper <mike.jumper@guac-dev.org> [2012-09-11 20:46]:
> On Tue, Sep 11, 2012 at 10:59 AM, Nico Golde <nico@ngolde.de> wrote:
> >
> > CVE-2012-4415 got assigned to this issue. Please include this identifier in
> > the changelog for the fixed package.
> >
> Updated (changed "testing-security" to "unstable", added reference to
> CVE number). New source packages now at:
> http://guac-dev.org/pub/debian/0.6.0-2
> I would like to announce the upstream 0.6.3 release at the
> approximately same time this fix hits Debian, such that neither
> upstream nor those using the Debian repositories are left without an
> available patched version.

Thanks, I just uploaded your package.

Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA

Attachment: pgpBbMPfQbSWX.pgp
Description: PGP signature

Reply to: