Bug#491114: Work around confirmation

2008-07-17 Thread Tim Brown
> /etc/udev/rules.d/65_dmsetup.rules needs to be changed so that the three first lines all have GOTO="device_mapper_end". Confirmed that this resolves the problem. Cheers, Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <http://www.nth-dimension.org.uk/> -- To UNS

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-03-01 Thread Tim Brown
On Saturday 01 March 2008 14:44:01 Nico Golde wrote: > Hi Tim, > > * Tim Brown <[EMAIL PROTECTED]> [2008-03-01 15:28]: > > On Tuesday 19 February 2008 20:12:29 Nico Golde wrote: > > > > It > > > > probably also needs rewording since SuSE confirmed it

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-03-01 Thread Tim Brown
t works. I've attached a patch that I think resolves this issue on stable - no warranties. Just wanted to make this final email as I'm intending to release my advisory shortly subject to any updates here. Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <http://www.nth-dimension.o

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-19 Thread Tim Brown
On Tuesday 19 February 2008 19:20:23 Nico Golde wrote: > * Tim Brown <[EMAIL PROTECTED]> [2008-02-19 20:08]: > > I've just noticed that the security tracker > > http://security-tracker.debian.net/tracker/status/release/unstable has > > been updated for festival. Ho

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-19 Thread Tim Brown
Nico, I've just noticed that the security tracker http://security-tracker.debian.net/tracker/status/release/unstable has been updated for festival. However it is wrong. This bug *is* remotely exploitable (due to the aforementioned lack of ACLs). Tim -- Tim Brown <mailto:[EMAIL P

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-19 Thread Tim Brown
vious bug history there was some discussion about disabling the system command too, but IMO this does little to fix the underlying problem of an unauthenticated scheme interpreter bound to a remote port with no ACLs or authentication. Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-18 Thread Tim Brown
be pushed to unstable and backported to stable security. Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <http://www.nth-dimension.org.uk/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-17 Thread Tim Brown
On Monday 18 February 2008 01:40:00 Kumar Appaiah wrote: > On Sun, Feb 17, 2008 at 05:32:44PM +0000, Tim Brown wrote: > > I've just built it here. It is lintian clean and the patch provides the > > required security fix. However 2 small points, 1) The logging doesn'

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-17 Thread Tim Brown
as this is a security bug. Another thought, the fix will require backporting to stable so that it can go into the security updates. Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <http://www.nth-dimension.org.uk/>

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-17 Thread Tim Brown
t work as /var/log/festival isn't created (and owned by festival,audio) 2) Passwords are displayed by debconf rather than hiding them with *'s. I'm only a fellow maintainer, but I'm sure your mentor can provide appropriate feedback on these issues. Cheers, Tim -- Tim Brown <m

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-16 Thread Tim Brown
escalation attacks. Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <http://www.nth-dimension.org.uk/>

Bug#466146: festival: Default configuration allows unauthenticated remote code execution

2008-02-16 Thread Tim Brown
Package: festival Version: 1.96~beta-5 Severity: critical Tags: security Justification: root security hole Nth Dimension Security Advisory (NDSA20080215) Date: 15th February 2008 Author: Tim Brown <mailto:[EMAIL PROTECTED]> URL: <http://www.nth-dimension.org.uk/> / <http://www