[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Unblock - libguac 0.6.0-2 (fix for CVE-2012-4415)



Hello,

Can libguac 0.6.0-2 be allowed into wheezy? It contains a fix for a
security vulnerability
(http://security-tracker.debian.org/tracker/CVE-2012-4415), but is
being blocked because of the freeze.

Thanks,

- Mike

---------- Forwarded message ----------
From: Nico Golde <nico@ngolde.de>
Date: Wed, Sep 12, 2012 at 2:15 AM
Subject: Re: guacd: buffer overflow: local users can execute arbitrary
code as root
To: Michael Jumper <mike.jumper@guac-dev.org>
Cc: Timo Juhani Lindfors <timo.lindfors@iki.fi>, Yaroslav Halchenko
<debian@onerussian.com>, Michael Jumper
<zhangmaike@users.sourceforge.net>, security@debian.org, Paul
Tagliamonte <paultag@gmail.com>


Hi,
* Michael Jumper <mike.jumper@guac-dev.org> [2012-09-11 20:46]:
> On Tue, Sep 11, 2012 at 10:59 AM, Nico Golde <nico@ngolde.de> wrote:
> >
> > CVE-2012-4415 got assigned to this issue. Please include this identifier in
> > the changelog for the fixed package.
> >
>
> Updated (changed "testing-security" to "unstable", added reference to
> CVE number). New source packages now at:
> http://guac-dev.org/pub/debian/0.6.0-2
>
> I would like to announce the upstream 0.6.3 release at the
> approximately same time this fix hits Debian, such that neither
> upstream nor those using the Debian repositories are left without an
> available patched version.

Thanks, I just uploaded your package.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA

Attachment: pgp5pPDDg6HHg.pgp
Description: PGP signature


Reply to: