Bug#690672: librdmacm: CVE-2012-4516

2012-10-30 Thread Moritz Muehlenhoff
On Thu, Oct 18, 2012 at 08:14:08PM +0100, Adam D. Barratt wrote:
> On Wed, 2012-10-17 at 13:33 -0700, Roland Dreier wrote:
> > > Whilst this has now been fixed in unstable, it was via the upload of a
> > > new upstream which adds over 2000 lines of new code (and doesn't even
> > > directly includ

Bug#690672: librdmacm: CVE-2012-4516

2012-10-18 Thread Adam D. Barratt
On Wed, 2012-10-17 at 13:33 -0700, Roland Dreier wrote:
> > Whilst this has now been fixed in unstable, it was via the upload of a
> > new upstream which adds over 2000 lines of new code (and doesn't even
> > directly include the security fix) and with a debhelper compat bump
> > thrown in on th

Bug#690672: librdmacm: CVE-2012-4516

2012-10-17 Thread Roland Dreier
> Whilst this has now been fixed in unstable, it was via the upload of a
> new upstream which adds over 2000 lines of new code (and doesn't even
> directly include the security fix) and with a debhelper compat bump
> thrown in on the packaging side.
>
> It's possible someone might feel incli

Bug#690672: librdmacm: CVE-2012-4516

2012-10-17 Thread Adam D. Barratt
On Tue, 2012-10-16 at 11:52 +0200, Moritz Muehlenhoff wrote:
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4516 for
> details and a patch.

Whilst this has now been fixed in unstable, it was via the upload of a new upstream which adds over 2000 lines of new code (and doesn't even

Bug#690672: librdmacm: CVE-2012-4516

2012-10-17 Thread Moritz Muehlenhoff
On Tue, Oct 16, 2012 at 09:47:54AM -0700, Roland Dreier wrote:
> The first vulnerable version in Debian is 1.0.14. Upstream introduced
> ACM support (where the vulnerability exists) in version 1.0.12, so
> Debian's 1.0.10 is not vulnerable.

Thanks, I'll mark Squeeze as not affected in the Debian

Bug#690672: librdmacm: CVE-2012-4516

2012-10-16 Thread Roland Dreier
The first vulnerable version in Debian is 1.0.14. Upstream introduced ACM support (where the vulnerability exists) in version 1.0.12, so Debian's 1.0.10 is not vulnerable.

Bug#690672: librdmacm: CVE-2012-4516

2012-10-16 Thread Moritz Muehlenhoff
Package: librdmacm
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4516 for details and a patch.

Cheers,
Moritz