[Bug 1590232] Re: Sync libusbmuxd 1.0.10-3 (main) from Debian unstable (main)
Daniel Holbach
daniel.holbach at ubuntu.com
Mon Jun 13 07:08:55 UTC 2016
This bug was fixed in the package libusbmuxd - 1.0.10-3
Sponsored for Logan Rosen (logan)
---------------
libusbmuxd (1.0.10-3) unstable; urgency=high
* [12da77b] Make sure sockets only listen locally.
Fixes CVE-2016-5104 (Closes: #825554)
-- Chow Loong Jin <hyperair at debian.org> Sun, 05 Jun 2016 09:54:05
+0800
** Changed in: libusbmuxd (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5104
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1590232
Title:
Sync libusbmuxd 1.0.10-3 (main) from Debian unstable (main)
Status in libusbmuxd package in Ubuntu:
Fix Released
Bug description:
Please sync libusbmuxd 1.0.10-3 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: incorrectly bound listening socket
- debian/patches/CVE-2016-5104.patch: use INADDR_LOOPBACK in
common/socket.c.
- CVE-2016-5104
Fixed in Debian.
Changelog entries since current yakkety version 1.0.10-2ubuntu1:
libusbmuxd (1.0.10-3) unstable; urgency=high
* [12da77b] Make sure sockets only listen locally.
Fixes CVE-2016-5104 (Closes: #825554)
-- Chow Loong Jin <hyperair at debian.org> Sun, 05 Jun 2016 09:54:05
+0800
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libusbmuxd/+bug/1590232/+subscriptions
More information about the Ubuntu-sponsors
mailing list