[Bug 1305549] Re: Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for CVE-2014-0159
Anders Kaseorg
andersk at mit.edu
Thu Apr 10 08:37:39 UTC 2014
** Summary changed:
- Sync openafs 1.6.7-1 (universe) from Debian unstable (main)
+ Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for CVE-2014-0159
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1305549
Title:
Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for
CVE-2014-0159
Status in “openafs” package in Ubuntu:
New
Bug description:
Please sync openafs 1.6.7-1 (universe) from Debian unstable (main)
This is an upstream security microrelease, consisting of exactly five
upstream commits on top of 1.6.6:
$ git log --oneline --shortstat openafs-stable-1_6_6..openafs-stable-1_6_7
94ffd11 Make OpenAFS 1.6.7
5 files changed, 6 insertions(+), 6 deletions(-)
ba73b9a Update NEWS for 1.6.7
1 file changed, 8 insertions(+)
cde1526 viced: fix get-statistics64 buffer overflow
1 file changed, 5 insertions(+)
19c4d60 rx: Avoid rxi_Delay on RXS_CheckResponse failure
1 file changed, 4 insertions(+), 5 deletions(-)
32688c0 rx: Split out rxi_SendConnectionAbortLater
1 file changed, 26 insertions(+), 7 deletions(-)
(All other pending upstream work has been delayed to 1.6.8.) There
are no extra Debian changes.
Changelog entries since current trusty version 1.6.6-1:
openafs (1.6.7-1) unstable; urgency=high
* New upstream security release.
- OPENAFS-SA-2014-001: Fix potential buffer overflow in the
fileserver. (CVE-2014-0159)
- Fix a potential DoS attack against Rx servers by avoiding suspending
the listener thread when delaying connection abort messages.
-- Russ Allbery <rra at debian.org> Wed, 09 Apr 2014 10:33:38 -0700
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1305549/+subscriptions
More information about the Ubuntu-sponsors
mailing list