Debian Bug report logs - #585186
Two security issues fixed in FreeBSD

version graph

Package: kfreebsd-8; Maintainer for kfreebsd-8 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 7 Jun 2010 16:18:02 UTC

Severity: grave

Tags: security

Fixed in version 8.0-6

Done: Aurelien Jarno <aurelien@aurel32.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#584930; Package kfreebsd-8. (Mon, 07 Jun 2010 16:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Mon, 07 Jun 2010 16:18:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Two security issues fixed in FreeBSD
Date: Mon, 07 Jun 2010 18:15:47 +0200
Package: kfreebsd-8
Severity: grave
Tags: security

Hi,
the following CVE IDs have been published for FreeBSD, please
check whether they need to be fixed for kfreebsd and whether
kfreebsd-6 and kfreebsd-7 from Lenny are affected:

CVE-2010-2022:
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc

CVE-2010-2020:
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#584930; Package kfreebsd-8. (Tue, 08 Jun 2010 12:57:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Tue, 08 Jun 2010 12:57:09 GMT) Full text and rfc822 format available.

Message #10 received at 584930@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Moritz Muehlenhoff <jmm@debian.org>, 584930@bugs.debian.org
Subject: Re: Bug#584930: Two security issues fixed in FreeBSD
Date: Tue, 8 Jun 2010 14:53:25 +0200
On Mon, Jun 07, 2010 at 06:15:47PM +0200, Moritz Muehlenhoff wrote:
> Package: kfreebsd-8
> Severity: grave
> Tags: security
> 
> Hi,
> the following CVE IDs have been published for FreeBSD, please
> check whether they need to be fixed for kfreebsd and whether
> kfreebsd-6 and kfreebsd-7 from Lenny are affected:
> 
> CVE-2010-2022:
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc

We don't yet provide (yet) the jail binary, so we are not vulnerable to
this one.

> CVE-2010-2020:
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
> 

On the other hand, the kfreebsd* packages are affected by this bug,
though not with the default configuration. I'll do an upload to unstable
with high urgency, but I don't think it deserve a fix in lenny.

I'll upload the security tracker accordingly.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#584930; Package kfreebsd-8. (Wed, 09 Jun 2010 21:36:18 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Wed, 09 Jun 2010 21:36:18 GMT) Full text and rfc822 format available.

Message #15 received at 584930@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Moritz Muehlenhoff <jmm@debian.org>, 584930@bugs.debian.org
Subject: Re: Bug#584930: Two security issues fixed in FreeBSD
Date: Wed, 9 Jun 2010 23:35:32 +0200
clone 584930 -1
reassign 584930 kfreebsd-7
thanks

On Mon, Jun 07, 2010 at 06:15:47PM +0200, Moritz Muehlenhoff wrote:
> Package: kfreebsd-8
> Severity: grave
> Tags: security
> 
> Hi,
> the following CVE IDs have been published for FreeBSD, please
> check whether they need to be fixed for kfreebsd and whether
> kfreebsd-6 and kfreebsd-7 from Lenny are affected:
> 
> CVE-2010-2022:
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
> 
> CVE-2010-2020:
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
> 

kfreebsd-7 is affected, cloning the bug.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Bug 584930 cloned as bug 585186. Request was from Aurelien Jarno <aurelien@aurel32.net> to control@bugs.debian.org. (Wed, 09 Jun 2010 21:54:01 GMT) Full text and rfc822 format available.

Reply sent to Aurelien Jarno <aurelien@aurel32.net>:
You have taken responsibility. (Wed, 09 Jun 2010 22:31:39 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 09 Jun 2010 22:31:39 GMT) Full text and rfc822 format available.

Message #22 received at 585186-done@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: 585186-done@bugs.debian.org
Subject: Re: Two security issues fixed in FreeBSD
Date: Thu, 10 Jun 2010 00:25:18 +0200
Version: 8.0-6

On Mon, Jun 07, 2010 at 06:15:47PM +0200, Moritz Muehlenhoff wrote:
> Package: kfreebsd-8
> Severity: grave
> Tags: security
> 
> Hi,
> the following CVE IDs have been published for FreeBSD, please
> check whether they need to be fixed for kfreebsd and whether
> kfreebsd-6 and kfreebsd-7 from Lenny are affected:
> 
> CVE-2010-2022:
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
> 
> CVE-2010-2020:
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
> 

This has been fixed in version 8.0-6 of kfreebsd-8.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 20 Sep 2010 07:34:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:32:31 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.