[Bug 657024] [NEW] please sync 3.1.3-1 from debian (unstable) to replace 2.7.2-1ubuntu2 in Maverick (universe) - security vulnerability
Launchpad Bug Tracker
657024 at bugs.launchpad.net
Mon Oct 18 21:53:06 BST 2010
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Loïc Minier (lool):
Binary package hint: ziproxy
As per Debian #584933 and CVE-2010-1513 there is a remote network
exploit allowing arbitrary code to be executed. This has been fixed in
3.0.1, though Debian presently packages 3.1.3-1. We package 2.7.2,
which is vulnerable and carries a couple of arm specific patches. I
have verified the new package from sid at least minimally builds on
Maverick unmodified for x86. I will review the patch we have made to
see if it is still valid and needed for armel (originally LP: #539874),
but it is a very simple one and should be easy to include if needed.
** Affects: ziproxy (Ubuntu)
Importance: Undecided
Assignee: Loïc Minier (lool)
Status: New
** Affects: ziproxy (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: ziproxy (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: ziproxy (Debian)
Importance: Unknown
Status: Fix Released
--
please sync 3.1.3-1 from debian (unstable) to replace 2.7.2-1ubuntu2 in Maverick (universe) - security vulnerability
https://bugs.launchpad.net/bugs/657024
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list