Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 16 Dec 2007 21:47:53 +0100
Message-id: <[🔎] slrnfmb3np.4d9.jmm@inutil.org>
References: <20071207132105.GA15762@steve.org.uk> <[🔎] Pine.LNX.4.64.0712070945040.22285@uinen.physics.mcgill.ca>

Juan Gallego wrote:
> is sarge affected by this vulnerability? or has sarge been archived and i 
> missed the announcement?

The main attack vector - pygrub/xen - doesn't exist in Sarge. The other attacks
are more or less theoretical and hardly justify modifications to an important
core package like this.

Cheers,
        Moritz

Reply to:

References:
- Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
  - From: Juan Gallego <Little.Boss@physics.mcgill.ca>

Prev by Date: Robert B Jackson is on vacation.
Next by Date: PCI vulnerability scan - PHP4 on Sarge
Previous by thread: Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
Index(es):
- Date
- Thread