[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-07-25 Thread Seth Arnold
Thanks Luke! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1145560 Title: OpenAFS Security Advisories 2013-001 and 2013-002 To manage notifications about this bug go to: https://bugs.launchpad.net/

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-07-25 Thread Luke Faraone
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4134 ** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4135

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-07-25 Thread Luke Faraone
** Changed in: openafs (Ubuntu Oneiric) Status: In Progress => Invalid

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-07-25 Thread Launchpad Bug Tracker
This bug was fixed in the package openafs - 1.6.1-2+ubuntu2.1 --- openafs (1.6.1-2+ubuntu2.1) quantal-security; urgency=high * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell. vos -encrypt doesn't encrypt connection data. Buffer overflows which could c

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-07-24 Thread Launchpad Bug Tracker
This bug was fixed in the package openafs - 1.6.1-1+ubuntu0.2 --- openafs (1.6.1-1+ubuntu0.2) precise-security; urgency=low * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell. vos -encrypt doesn't encrypt connection data. Buffer overflows which could ca

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-07-23 Thread Luke Faraone
Hardy is EOL ** Changed in: openafs (Ubuntu Hardy) Status: Triaged => Invalid

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-05-12 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/lucid-security/openafs

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-13 Thread Björn Torkelsson
What happened with the updates for Oneiric, Precise and Quantal (especially Precise)? The package in -proposed has been moved to -updates.

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-11 Thread Launchpad Bug Tracker
This bug was fixed in the package openafs - 1.4.12+dfsg-3+ubuntu0.2 --- openafs (1.4.12+dfsg-3+ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: Fix fileserver buffer overflow when parsing client-supplied ACL entries and protect against client parsing of bad ACL entr

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-09 Thread Anders Kaseorg
The ‘+’ may not be standard, but it’s necessary for openafs, for the following subtle reason. If you create a binary module package with

    apt-get install module-assistant openafs-modules-source
    m-a build openafs

then the resulting package is versioned as openafs-modules-3.2.0-38-generic_1.6.1

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-08 Thread Jamie Strandboge
I understand the bit about precise-proposed; Scott contacted me. I meant to simply say that even if the rest were right, I couldn't process it until -proposed went to -updates. As for the versioning, to be clear, precise has to be what you have now cause of what is in -proposed. However, what i

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-08 Thread Marc Deslauriers
ScottK did ask me, and I agreed, that these updates could be based on -proposed. My apologies for not communicating that fact.

Re: [Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-08 Thread Scott Kitterman
As far as basing the debdiffs on -proposed, I requested that to avoid having to redo the SRU. It's verified and will be released on Monday. With my ubuntu-sru hat on, I'd ask you to take security fixes with the pending SRU included. If it's needed, I'll release the SRU over the weekend, but

Re: [Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-08 Thread Luke Faraone
Jamie, Thanks for your review. On Fri, Mar 08, 2013 at 10:43:51PM -, Jamie Strandboge wrote: > Thanks for your patches! Unfortunately, I can't process them at this time due > to the following: > - the oneiric debdiff does not use the format as prescribed by > https://wiki.ubuntu.com/Securit

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-08 Thread Jamie Strandboge
Thanks for your patches! Unfortunately, I can't process them at this time due to the following: - the quantal debdiff patches the files inline which it is a source format v3 (quilt) package. When redoing this patch, be sure to include DEP-3 comments (the information that would have been in these

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-05 Thread Anders Kaseorg
Raring needs this additional patch to fix a --no-copy-dt-needed-entries related FTBFS: http://gerrit.openafs.org/9387 (Luke has already included something equivalent in 1.6.2-1+ubuntu2.)

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
** Patch added: "Patch for lucid-security" https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1145560/+attachment/3557892/+files/openafs_1.4.12%2Bdfsg-3%2Bubuntu0.2.debdiff ** Changed in: openafs (Ubuntu Lucid) Status: Triaged => Confirmed

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
** Patch added: "Patch for oneiric-security" https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1145560/+attachment/3557891/+files/openafs_1.6.0-1%2Bubuntu0.1.debdiff ** Changed in: openafs (Ubuntu Precise) Assignee: Luke Faraone (lfaraone) => (unassigned) ** Changed in: openafs (Ubu

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
This patch corrects the problem on precise ** Patch added: "openafs_1.6.1-1+ubuntu0.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1145560/+attachment/3557879/+files/openafs_1.6.1-1%2Bubuntu0.2.debdiff

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
** Changed in: openafs (Ubuntu Precise) Assignee: (unassigned) => Luke Faraone (lfaraone) ** Changed in: openafs (Ubuntu Precise) Status: Triaged => In Progress

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
** Also affects: openafs (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: openafs (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: openafs (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: openafs (Ubuntu Precise)

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
Anders: Re your update for Raring, I've changed the direct-to-source changes in the debdiff into a patch and have uploaded the package to Raring.

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Ubuntu Foundations Team Bug Bot
The attachment "Patch for quantal-security" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch yo

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Anders Kaseorg
** Patch added: "Patch for quantal-security" https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1145560/+attachment/3557819/+files/openafs_1.6.1-2ubuntu2_lp1145560.debdiff

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Anders Kaseorg
> kernel 3.8 support in the client (bug 1145560)

Er, bug 1098843.

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Anders Kaseorg
Raring requires additional changes for kernel 3.8 support in the client (bug 1145560). I’ve packaged these here: http://web.mit.edu/andersk/Public/openafs/openafs_1.6.2-1+ubuntu1.dsc http://web.mit.edu/andersk/Public/openafs/openafs_1.6.2-1+ubuntu1.debian.tar.xz http://web.mit.edu/andersk/Public/

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Russ Allbery
For the current development release of Ubuntu, you want to sync 1.6.2-1 from Debian experimental. For quantal, precise, and oneiric, you want 1.6.1-3 as uploaded to Debian unstable. I'm not sure if there are any Ubuntu-specific changes that need to be preserved in the patch you're carrying. For

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Luke Faraone
The bug status was "In progress" because I was working on the fix, at the request of the Security team. I will change the status back to "triaged" and subscribe the ubuntu-security-sponsors team when the fix is ready to be sponsored. ** Changed in: openafs (Ubuntu) Status: Incomplete => I

[Bug 1145560] Re: OpenAFS Security Advisories 2013-001 and 2013-002

2013-03-04 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is availabl