[Bug 1305549] [NEW] Sync openafs 1.6.7-1 (universe) from Debian unstable (main)

Anders Kaseorg andersk at mit.edu
Thu Apr 10 08:14:49 UTC 2014


*** This bug is a security vulnerability ***

Public security bug reported:

Please sync openafs 1.6.7-1 (universe) from Debian unstable (main)

This is an upstream security microrelease, consisting of exactly five
upstream commits on top of 1.6.6:

$ git log --oneline --shortstat openafs-stable-1_6_6..openafs-stable-1_6_7
94ffd11 Make OpenAFS 1.6.7
 5 files changed, 6 insertions(+), 6 deletions(-)
ba73b9a Update NEWS for 1.6.7
 1 file changed, 8 insertions(+)
cde1526 viced: fix get-statistics64 buffer overflow
 1 file changed, 5 insertions(+)
19c4d60 rx: Avoid rxi_Delay on RXS_CheckResponse failure
 1 file changed, 4 insertions(+), 5 deletions(-)
32688c0 rx: Split out rxi_SendConnectionAbortLater
 1 file changed, 26 insertions(+), 7 deletions(-)

(All other pending upstream work has been delayed to 1.6.8.)  There
are no extra Debian changes.

Changelog entries since current trusty version 1.6.6-1:

openafs (1.6.7-1) unstable; urgency=high

  * New upstream security release.
    - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
      fileserver.  (CVE-2014-0159)
    - Fix a potential DoS attack against Rx servers by avoiding suspending
      the listener thread when delaying connection abort messages.

 -- Russ Allbery <rra at debian.org>  Wed, 09 Apr 2014 10:33:38 -0700

** Affects: openafs (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0159

https://bugs.launchpad.net/bugs/1305549
