[Bug 1792234] Re: Sync openafs 1.8.2-1 (universe) from Debian unstable (main)
Anders Kaseorg
andersk at mit.edu
Tue Oct 2 06:17:47 UTC 2018
This security update has been stuck in cosmic-proposed for two and a
half weeks, so this isn’t fixed.
** Changed in: openafs (Ubuntu)
Status: Fix Released => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1792234
Title:
Sync openafs 1.8.2-1 (universe) from Debian unstable (main)
Status in openafs package in Ubuntu:
Fix Committed
Bug description:
Please sync openafs 1.8.2-1 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* Fix build with linux 4.18.
This Linux 4.18 patch was merged upstream as the only change between
1.8.1 and 1.8.1.1, and the security bugs were fixed as the only change
between 1.8.1.1 and 1.8.2, so this qualifies as an upstream
microrelease.
https://git.openafs.org/?p=openafs.git;a=shortlog;h=refs/heads
/openafs-stable-1_8_x
Changelog entries since current cosmic version 1.8.1-1ubuntu1:
openafs (1.8.2-1) unstable; urgency=high
* New upstream release 1.8.1.1:
- Support Linux 4.18.
* New upstream security release 1.8.2 (Closes: #908616):
- Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
(CVE-2018-16947).
- Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
(CVE-2018-16948).
- Fix OPENAFS-SA-2018-003: denial of service due to excess resource
consumption (CVE-2018-16949).
-- Anders Kaseorg <andersk at mit.edu> Tue, 11 Sep 2018 22:53:43 -0700
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1792234/+subscriptions
More information about the Ubuntu-sponsors
mailing list