Sure thing, I'll add a patch as soon as I've had time to make it. You should note that one of the patches, the one addressing: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6587.html
Has a couple of issues. Basically, it removes functionality as an interim fix for the actual patch which is added in 1.6.13. So, while this patch will remove that security hole, it will also in some cases break functionality. This issue already exists in 12.04 of course. To quote the openafs git repo where they reverted back from this fix: commit fc43236872c798fe426590714d19773c74d4bbbe Author: Jeffrey Altman <jalt...@your-file-system.com> Date: Mon Aug 3 15:03:00 2015 -0400 Revert "vlserver: Disable regex volume name processing in ListAttributesN2" This change reverts commit 22481ab3705522ac1988b7de038c4dbc1e5009a9 which by disabling regex queries of volume names breaks some backup software including TSM. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-6587 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1513461 Title: OPENAFS-SA-2015-007 "Tattletale" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1513461/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs