Sure thing, I'll add a patch as soon as I've had time to make it.
You should note that one of the patches, the one addressing:
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6587.html
Has a couple of issues.
Basically, it removes functionality as an interim fix for the actual patch
which is added in 1.6.13.
So, while this patch will remove that security hole, it will also in some cases
break functionality.
This issue already exists in 12.04 of course.
To quote the openafs git repo where they reverted back from this fix:
commit fc43236872c798fe426590714d19773c74d4bbbe
Author: Jeffrey Altman <jalt...@your-file-system.com>
Date: Mon Aug 3 15:03:00 2015 -0400
Revert "vlserver: Disable regex volume name processing in ListAttributesN2"
This change reverts commit 22481ab3705522ac1988b7de038c4dbc1e5009a9 which
by disabling regex queries of volume names breaks some backup software
including TSM.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-6587
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513461
Title:
OPENAFS-SA-2015-007 "Tattletale"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1513461/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
