On Fri, Nov 30, 2007 at 02:18:28PM +0100, Paul Slootman wrote:
> On Fri 30 Nov 2007, Nico Golde wrote:
>
> > attached is an NMU proposal to fix this bug just in case you
> > have no time to fix this.
>
> Is this based on upstream's patch?
>
> > For this I needed to backport the patch cause it won't apply
> > with the version in Debian.
>
> There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable
> version).
>
> 2.6.4 is "oldstable". I think first priority is the stable version...
I don't think the first part ("1. Daemon advisory for "use chroot = no")
needs to be fixed in Sarge or Etch. This essentially only adds an
additional feature to control symlink creation.
We should fix CVE-2007-6200, but there's not yet a patch AFAICS.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
