[ubuntu/vivid-proposed] autofs 5.0.8-1ubuntu3 (Accepted)

Fri Mar 20 20:18:13 UTC 2015

autofs (5.0.8-1ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: privilege escalation via interpreter load path
    - debian/patches/CVE-2014-8169-*.patch: add a prefix to program map
      stdvars and a config option to override it in include/mounts.h,
      lib/mounts.c, modules/lookup_program.c, modules/parse_sun.c,
      include/defaults.h, lib/defaults.c, modules/lookup_program.c,
      samples/autofs.conf.default.in, document changes in
      man/autofs.5, man/auto.master.5.in.
    - CVE-2014-8169

Date: Fri, 20 Mar 2015 16:04:47 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/autofs/5.0.8-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Mar 2015 16:04:47 -0400
Source: autofs
Binary: autofs autofs-ldap autofs-hesiod autofs5 autofs5-ldap autofs5-hesiod
Architecture: source
Version: 5.0.8-1ubuntu3
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 autofs     - kernel-based automounter for Linux
 autofs-hesiod - Hesiod map support for autofs
 autofs-ldap - LDAP map support for autofs
 autofs5    - transitional dummy package for 'autofs'
 autofs5-hesiod - transitional dummy package for 'autofs-hesiod'
 autofs5-ldap - transitional dummy package for 'autofs-ldap'
Changes:
 autofs (5.0.8-1ubuntu3) vivid; urgency=medium
 .
   * SECURITY UPDATE: privilege escalation via interpreter load path
     - debian/patches/CVE-2014-8169-*.patch: add a prefix to program map
       stdvars and a config option to override it in include/mounts.h,
       lib/mounts.c, modules/lookup_program.c, modules/parse_sun.c,
       include/defaults.h, lib/defaults.c, modules/lookup_program.c,
       samples/autofs.conf.default.in, document changes in
       man/autofs.5, man/auto.master.5.in.
     - CVE-2014-8169
Checksums-Sha1:
 e1ddd00f8087cb81de32ecaceef3d3325f17983e 2464 autofs_5.0.8-1ubuntu3.dsc
 7304f7181a7e0f5d31b3d445282455cf98386f82 22932 autofs_5.0.8-1ubuntu3.debian.tar.xz
Checksums-Sha256:
 2644355957be0cf2a64000adf07b0e4221a880c84b36e930a9c947297d8d2036 2464 autofs_5.0.8-1ubuntu3.dsc
 f151fdfb56a7b0ea4435c42188f462025e2bdb00cb010d14e4274328e5d5c0f8 22932 autofs_5.0.8-1ubuntu3.debian.tar.xz
Files:
 641f89d6cea04f3cd7c99a691af0f261 2464 utils extra autofs_5.0.8-1ubuntu3.dsc
 8aff61a05f3e78897238af476b36ef0c 22932 utils extra autofs_5.0.8-1ubuntu3.debian.tar.xz
Original-Maintainer: Michael Tokarev <mjt at tls.msk.ru>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVDH/rAAoJEGVp2FWnRL6TlZMP/3qx7oxCRymyuo0TiCtBgu70
3EmzcXIKQ7C/GDJ1QlKZCgbUix832fq6rIumhHI+ge17i5S5Ah45WK45DKAGbCR7
nlY02PYpSQ9JMEnl1llW7L7dkBDpvMpsT1I/gLoYgPNugV2yOTL0YjC+3BvDq3u6
/A6VA/+Kbmr6aeVl7HDNT5DyrJIVqLQVKguO7efvJv0nymF2yBRZaSDDbOEwpLTS
ejC2b90KjIfvo5V5rhYcFqX0dBqJQXEHxpUT+aa8jeRHEBNhqGQSXLiW/dqCUa/7
MZlNMchoX554ifbif73hrBcO3lVcgnpC+GH5RISKqP/LIymP5J7qaCxubndPKCWa
NfWmQC5lOaBSgkTSNyMjOiciwuBlE3+0P7GxmyBggUhPdoQ5eAXNvnkGL9S/fMJl
07k7yzPfiMUXCCGEmW33WR1aLHebYKeVuYC2htCMDNzqYx6ALUePTUXz+3Hmzr00
XhiJkPenOTxNYEbVnPZ1m4knbigJucd7MEBVRamI5BZusI7kfulODW7YAFIcptKK
9h30gt7bz6h7JxmUbqnNKdrgzrbxi0402/epFKGCR6eRaUKPGB2sDa4yJn6aeBQ5
OhMpbPt441tndkmnIVgJ4crUUGhjZXmisHf3Psto/ZODfSSHquhbftm1cV52baug
aheGwlIkhdZnw9fwx2rf
=g2EE
-----END PGP SIGNATURE-----