Ubuntu
openafs package

Sync openafs 1.8.2-1 (universe) from Debian unstable (main)

Bug #1792234 reported by Anders Kaseorg
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openafs (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Please sync openafs 1.8.2-1 (universe) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * Fix build with linux 4.18.

This Linux 4.18 patch was merged upstream as the only change between
1.8.1 and 1.8.1.1, and the security bugs were fixed as the only change
between 1.8.1.1 and 1.8.2, so this qualifies as an upstream
microrelease.

https://git.openafs.org/?p=openafs.git;a=shortlog;h=refs/heads/openafs-stable-1_8_x

Changelog entries since current cosmic version 1.8.1-1ubuntu1:

openafs (1.8.2-1) unstable; urgency=high

  * New upstream release 1.8.1.1:
    - Support Linux 4.18.
  * New upstream security release 1.8.2 (Closes: #908616):
    - Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
      (CVE-2018-16947).
    - Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
      (CVE-2018-16948).
    - Fix OPENAFS-SA-2018-003: denial of service due to excess resource
      consumption (CVE-2018-16949).

 -- Anders Kaseorg <email address hidden> Tue, 11 Sep 2018 22:53:43 -0700

Hans Joachim Desserud (hjd)
tags: added: upgrade-software-version
Revision history for this message
Jeremy Bícha (jbicha) wrote :

This bug was fixed in the package openafs - 1.8.2-1
Sponsored for Anders Kaseorg (andersk)

---------------
openafs (1.8.2-1) unstable; urgency=high

  * New upstream release 1.8.1.1:
    - Support Linux 4.18.
  * New upstream security release 1.8.2 (Closes: #908616):
    - Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
      (CVE-2018-16947).
    - Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
      (CVE-2018-16948).
    - Fix OPENAFS-SA-2018-003: denial of service due to excess resource
      consumption (CVE-2018-16949).

 -- Anders Kaseorg <email address hidden> Tue, 11 Sep 2018 22:53:43 -0700

Changed in openafs (Ubuntu):
status: New → Fix Released
Revision history for this message
Anders Kaseorg (andersk) wrote :

This security update has been stuck in cosmic-proposed for two and a half weeks, so this isn’t fixed.

Changed in openafs (Ubuntu):
status: Fix Released → Fix Committed
Revision history for this message
Simon Quigley (tsimonq2) wrote :

The bug request is to do the sync, not to fix the actual bug. This bug, as filed, is fixed.

Changed in openafs (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.