Your message dated Tue, 8 Mar 2005 13:32:07 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Ack NMU
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Dec 2004 21:29:29 +0000
>From [EMAIL PROTECTED] Thu Dec 09 13:29:29 2004
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CcVqq-0002Wf-00; Thu, 09 Dec 2004 13:29:28 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 08DE917FE7
for <[EMAIL PROTECTED]>; Thu, 9 Dec 2004 21:29:24 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id F10B26E08E; Thu, 9 Dec 2004 16:30:29 -0500 (EST)
Date: Thu, 9 Dec 2004 16:30:29 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: DOS due to SIGPIPE (CAN-2004-1014)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: nfs-utils
Version: 1:1.0.6-3
Tags: patch, security
Severity: grave
As noted in CAN-2004-1014 and DSA-606-1, there's a denial of service
security hole in nfs-utils:
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal,
which allows remote attackers to cause a denial of service (server
process crash) via a TCP connection that is prematurely terminated.
There's a simple patch in upstream cvs, which can be seen here:
http://cvs.sourceforge.net/viewcvs.py/nfs/nfs-utils/utils/statd/statd.c?r1=
=3D1.17&r2=3D1.18&diff_format=3Du
--=20
see shy jo
--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBuMP1d8HHehbQuO8RAtlZAJ4pdGo8F4xrF0H+fld8ItQt7c5WlQCfTjYa
USxsocxL4R9cGCHWDBDKikY=
=sSV1
-----END PGP SIGNATURE-----
--fUYQa+Pmc3FrFX/N--
---------------------------------------
Received: (at 284971-done) by bugs.debian.org; 8 Mar 2005 18:32:15 +0000
>From [EMAIL PROTECTED] Tue Mar 08 10:32:15 2005
Return-path: <[EMAIL PROTECTED]>
Received: from perlsupport.com (mail.perlsupport.com) [66.180.163.120]
(66bf47edb70e3cd7ca0a4676409ac0fa)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D8jV9-0007X0-00; Tue, 08 Mar 2005 10:32:15 -0800
Received: from [67.132.206.254] (helo=tytlal)
by mail.perlsupport.com (Exim 4) with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
id 1D8jV8-000079-BG
for [EMAIL PROTECTED]; Tue, 08 Mar 2005 13:32:14 -0500
Received: from chip by tytlal with local (Exim 4.50)
id 1D8jV1-0004fK-Md
for [EMAIL PROTECTED]; Tue, 08 Mar 2005 13:32:07 -0500
Date: Tue, 8 Mar 2005 13:32:07 -0500
From: Chip Salzenberg <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Ack NMU
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Thanks for the NMU. The NMU has been superseded; I forgot to
ack it in the changelog, apparently, so here 'tis.
--
Chip Salzenberg - a.k.a. - <[EMAIL PROTECTED]>
Open Source is not an excuse to write fun code
then leave the actual work to others.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
