Control: tags -1 +pending

On Fri, Aug 3, 2018 at 5:27 PM Benjamin Barenblat <bba...@debian.org> wrote:
> Attempting to mount a FUSE overlay file system over an autofs or FAT
> mount fails with the error
>
>   fusermount: mounting over filesystem type 0x00000187 is forbidden
>
> (for autofs) or
>
>   fusermount: mounting over filesystem type 0x00004d44 is forbidden
>
> (for FAT). This occurs because the autofs and FAT magic numbers are not in
> debian/patches/CVE-2018-10906/0005-fusermount-whitelist-known-good-filesystems-for-moun.patch.
> autofs's magic was added to upstream in
> https://github.com/libfuse/libfuse/commit/0ef031bfc08564e7c5920432e13373dcf18dbc63,
> but FAT's magic has not been added yet.

Indeed, it's a regression of the DSA due to an upstream change. I've
fixed the FAT issue and sent it to upstream. When he accepts it, I will
upload it to Sid. Then I can do a packaging update for Stretch as
discussed with the Security Team.
This will take some days, unfortunately. :(

Thanks for the report,
Laszlo/GCS
