Bug#908616: OpenAFS security release

2018-09-11 Thread Benjamin Kaduk 
On Tue, Sep 11, 2018 at 10:02:20PM +0200, Salvatore Bonaccorso wrote:
> Hey!
> 
> On Tue, Sep 11, 2018 at 02:30:51PM -0500, Benjamin Kaduk wrote:
> > Source: openafs
> > Version: 1.6.9-2+deb8u7
> > Tags: security
> > Severity: serious
> > 
> > OpenAFS upstream released security releases 1.6.23 and 1.8.2 today, fixing:
> > http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
> > http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
> > http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
> > 
> > No CVEs have been assigned yet.
> 
> Would it be possible, that you with both your maintainers and upstream
> part could request accordingly CVEs via http://cveform.mitre.org/ (and
> then loop back the assignment here once got those).

OPENAFS-SA-2018-001 is CVE-2018-16947.
OPENAFS-SA-2018-002 is CVE-2018-16948.
OPENAFS-SA-2018-003 is CVE-2018-16949.

-Ben

Bug#908616: OpenAFS security release

2018-09-11 Thread Salvatore Bonaccorso 
Hey!

On Tue, Sep 11, 2018 at 02:30:51PM -0500, Benjamin Kaduk wrote:
> Source: openafs
> Version: 1.6.9-2+deb8u7
> Tags: security
> Severity: serious
> 
> OpenAFS upstream released security releases 1.6.23 and 1.8.2 today, fixing:
> http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
> http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
> http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
> 
> No CVEs have been assigned yet.

Would it be possible, that you with both your maintainers and upstream
part could request accordingly CVEs via http://cveform.mitre.org/ (and
then loop back the assignment here once got those).

Regards,
Salvatore

Bug#908616: OpenAFS security release

2018-09-11 Thread Benjamin Kaduk 
Source: openafs
Version: 1.6.9-2+deb8u7
Tags: security
Severity: serious

OpenAFS upstream released security releases 1.6.23 and 1.8.2 today, fixing:
http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt

No CVEs have been assigned yet.

-Ben