Hi Timo On Thu, Feb 07, 2013 at 12:51:59AM +0200, Timo Aaltonen wrote: > On 03.02.2013 23:59, Moritz Mühlenhoff wrote: > >On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote: > >>On 26.01.2013 23:06, Salvatore Bonaccorso wrote: > >>>Hi Timo > >>> > >>>On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote: > >>>>On 24.01.2013 20:30, Moritz Muehlenhoff wrote: > >>>>>Package: sssd > >>>>>Severity: grave > >>>>>Tags: security > >>>>> > >>>>>Hi, > >>>>>multiple security issues have been discovered in sssd. Please see the > >>>>>Red Hat > >>>>>bugzilla entries for details and patches: > >>>>> > >>>>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219 > >>>>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220 > >>>> > >>>>Yep, I'm aware of them and will prepare an upload later. > >>> > >>>The relevant commits seem to be: > >>> > >>> CVE-2013-0219: > >>> > >>> http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047 > >>> and > >>> http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a > >>> . > >>> See also https://fedorahosted.org/sssd/ticket/1782 . > >>> > >>> CVE-2013-0220: > >>> http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 > >>> . > >>>See https://fedorahosted.org/sssd/ticket/1781 . > >> > >>There's still no backported commits for 1.8.x which is in sid/wheezy > >>(94cbf1cfb0f8 at least needs backporting), I'll ask upstream > >>tomorrow. > > > >What's the status? > > Upstream released 1.8.6 with the patches, I have them staged in git > and am discussing with the release team what other fixes can get in > wheezy.
Did you heard anything back from the release team? Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
