Public bug reported: Please sync openafs 1.8.2-1 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped: * Fix build with linux 4.18. This Linux 4.18 patch was merged upstream as the only change between 1.8.1 and 1.8.1.1, and the security bugs were fixed as the only change between 1.8.1.1 and 1.8.2, so this qualifies as an upstream microrelease. https://git.openafs.org/?p=openafs.git;a=shortlog;h=refs/heads/openafs- stable-1_8_x Changelog entries since current cosmic version 1.8.1-1ubuntu1: openafs (1.8.2-1) unstable; urgency=high * New upstream release 1.8.1.1: - Support Linux 4.18. * New upstream security release 1.8.2 (Closes: #908616): - Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc (CVE-2018-16947). - Fix OPENAFS-SA-2018-002: information leakage in RPC output variables (CVE-2018-16948). - Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption (CVE-2018-16949). -- Anders Kaseorg <ande...@mit.edu> Tue, 11 Sep 2018 22:53:43 -0700 ** Affects: openafs (Ubuntu) Importance: Undecided Status: New ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16947 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16948 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16949 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792234 Title: Sync openafs 1.8.2-1 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1792234/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs