Comment 5 for bug 356861

To fix this for Intrepid, please sync openafs 1.4.7.dfsg1-6+lenny1 from Debian stable into Intrepid. Full changelog since Intrepid’s 1.4.7.dfsg1-6:

openafs (1.4.7.dfsg1-6+lenny1) stable-security; urgency=high

  * Apply upstream security patches from 1.4.9:
    - OPENAFS-SA-2009-001: Avoid a potential kernel memory overrun if more
      items than requested are returned from an InlineBulk or BulkStatus
      message. (CVE-2009-1251)
    - OPENAFS-SA-2009-002: Avoid converting negative errors into invalid
      kernel memory pointers. (CVE-2009-1250)

 -- Russ Allbery <email address hidden> Mon, 06 Apr 2009 15:53:20 -0700