[Bug 1305549] Re: Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for CVE-2014-0159

Dmitry Shachnev mitya57 at gmail.com
Thu Apr 10 15:25:08 UTC 2014


This bug was fixed in the package openafs - 1.6.7-1
Sponsored for Anders Kaseorg (anders-kaseorg)

---------------
openafs (1.6.7-1) unstable; urgency=high

  * New upstream security release.
    - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
      fileserver.  (CVE-2014-0159)
    - Fix a potential DoS attack against Rx servers by avoiding suspending
      the listener thread when delaying connection abort messages.

 -- Russ Allbery <rra at debian.org>  Wed, 09 Apr 2014 10:33:38 -0700

** Changed in: openafs (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1305549

Title:
  Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for
  CVE-2014-0159

Status in “openafs” package in Ubuntu:
  Fix Released

Bug description:
  Please sync openafs 1.6.7-1 (universe) from Debian unstable (main)

  This is an upstream security microrelease, consisting of exactly five
  upstream commits on top of 1.6.6:

  $ git log --oneline --shortstat openafs-stable-1_6_6..openafs-stable-1_6_7
  94ffd11 Make OpenAFS 1.6.7
   5 files changed, 6 insertions(+), 6 deletions(-)
  ba73b9a Update NEWS for 1.6.7
   1 file changed, 8 insertions(+)
  cde1526 viced: fix get-statistics64 buffer overflow
   1 file changed, 5 insertions(+)
  19c4d60 rx: Avoid rxi_Delay on RXS_CheckResponse failure
   1 file changed, 4 insertions(+), 5 deletions(-)
  32688c0 rx: Split out rxi_SendConnectionAbortLater
   1 file changed, 26 insertions(+), 7 deletions(-)

  (All other pending upstream work has been delayed to 1.6.8.)  There
  are no extra Debian changes.

  Changelog entries since current trusty version 1.6.6-1:

  openafs (1.6.7-1) unstable; urgency=high

    * New upstream security release.
      - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
        fileserver.  (CVE-2014-0159)
      - Fix a potential DoS attack against Rx servers by avoiding suspending
        the listener thread when delaying connection abort messages.

   -- Russ Allbery <rra at debian.org>  Wed, 09 Apr 2014 10:33:38 -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1305549/+subscriptions



More information about the Ubuntu-sponsors mailing list