Marking Hardy status as "Won't Fix" as this package is not eligible for
5 year support.
** Changed in: openvpn (Ubuntu Hardy)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad
** Changed in: openvpn (Ubuntu)
Status: New => Fix Released
** Changed in: openvpn (Ubuntu Hardy)
Status: New => Confirmed
** Changed in: openvpn (Ubuntu Hardy)
Importance: Undecided => Low
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via
crafted
Hi,
In my understanding it only removes abilities to set remotely the route
*software* (/sbin/route , whatever).
Something that:
- I can't find a case why you may want to do such thing.
- Is an undocumented feature.
I haven't tested it but from quickly reading the code you still can
remotely c
Minimal patch from James Yonan (upstream)
This patch simply removes the affected features, which is probably a
little too excessive for our taste.
** Attachment added: "openvpn-2.1_rc7.diff"
http://launchpadlibrarian.net/17309060/openvpn-2.1_rc7.diff
--
[CVE-2008-3459] OpenVPN vulnerability
To fix this in hardy (rc7-based, probably affected) :
Difficult to extract a minimal patch from the RC8 to RC9 diff. I removed
what was obviously windowsish and the version number updates. The
problem is that the exact nature of the vulnerability doesn't seem to
have been disclosed, that the upstr
I've filed a sync request of openvpn 2.1~rc9-3 from Debian unstable to
intrepid (bug 258767).
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via
crafted configuration
https://bugs.launchpad.net/bugs/256621
You received this bug notification because you are a member o
** Changed in: openvpn (Debian)
Status: Unknown => Fix Released
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via
crafted configuration
https://bugs.launchpad.net/bugs/256621
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Also affects: openvpn (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493488
Importance: Unknown
Status: Unknown
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via
crafted configuration
https://bugs.launchpad.net/bugs/256621
You received
see also debian's equivalent bug: http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=493488
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via
crafted configuration
https://bugs.launchpad.net/bugs/256621
You received this bug notification because you are a member of U
Adding CVE reference: CVE-2008-3459
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via
crafted configuration
https://bugs.launchpad.net/bugs/256621
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-
10 matches
Mail list logo