Please sync ziproxy 3.1.3-1 (universe) from Debian unstable
Bug #657024 reported by David Sugar
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ziproxy (Debian) | Fix Released | Unknown | |
ziproxy (Ubuntu) | Fix Released | Undecided | Loïc Minier |
Lucid | Won't Fix | Undecided | Unassigned |
Maverick | Won't Fix | Undecided | Unassigned |
Bug Description
Binary package hint: ziproxy
As per Debian #584933 and CVE-2010-1513 there is a remote network exploit allowing arbitrary code to be executed. This has been fixed in 3.0.1, though Debian presently packages 3.1.3-1. We package 2.7.2, which is vulnerable and carries a couple of ARM-specific patches. I have verified the new package from sid at least minimally builds on Maverick unmodified for x86. I will review the patch we have made to see if it is still valid and needed for armel (originally LP: #539874), but it is a very simple one and should be easy to include if needed.
CVE References
visibility: private → public
summary:
- please sync/merge 3.1.3-1 from debian (unstable) to Maverick (universe) -
- security vulnerability
+ please sync 3.1.3-1 from debian (unstable) to replace 2.7.2-1ubuntu2 in
+ Maverick (universe) - security vulnerability
Changed in ziproxy (Debian):
status: Unknown → Fix Released
3.1.3 builds fine from sid on Maverick unmodified, including on armel. Since this is a security vulnerability with a remote network exploit, I think it should be targeted as an SRU.