Your message dated Sat, 6 Apr 2019 07:39:23 +0200
with message-id <[email protected]>
and subject line kfreebsd-8 has been removed from Debian
has caused the Debian Bug report #768106,
regarding kfreebsd-8: CVE-2014-8476: getlogin kernel memory disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
768106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768106
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:kfreebsd-9
Version: 9.0-10+deb70.7
Severity: grave
Tags: security patch upstream
Hi,
kfreebsd 9.0 (not officially supported upstream) seems vulnerable to an
issue just announced in 9.1 and later:
http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
kfreebsd-8 8.3 in wheezy, kfreebsd-10 in sid/jessie, and kfreebsd-11 in
experimental also seem to be affected by this.
-- System Information:
Debian Release: jessie/sid
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 8.3-7+rm
kfreebsd-8 is no longer in Debian, I'm therefore closing the remaining
bug reports. If the bug is still present in the current versions
(kfreebsd-10 and kfreebsd-11), feel free to reopen and reassign or file
a new bug report.
Andreas
--- End Message ---
