| 2008-09-16 18:25:21 |
Scott Kitterman |
bug |
|
|
added bug |
| 2008-09-16 18:27:28 |
Scott Kitterman |
description |
Vulnerability is still private, I'll edit that in once I know the bug is private. |
Security changes in the new upcoming release are:
1) responsebuf is now dynamically allocated, avoiding a buffer overrun found and published by openwave.
2) txt record lengths are now handled properly, avoiding a remote exploit.
#2 is the private one.
I have the code and will prepare debdiffs. I don't have a precise embargo date for this yet. Still working on that. |
|
| 2008-09-19 01:58:01 |
Scott Kitterman |
bug |
|
|
added attachment 'dapper.patch' (Dapper patch) |
| 2008-09-19 01:58:55 |
Scott Kitterman |
bug |
|
|
added attachment 'feisty.patch' (Feisty patch) |
| 2008-09-19 01:59:50 |
Scott Kitterman |
bug |
|
|
added attachment 'hardy.patch' (Gutsy/Hardy patch) |
| 2008-09-19 02:00:48 |
Scott Kitterman |
bug |
|
|
added attachment 'intrepid.patch' (Intrepid patch) |
| 2008-10-15 04:48:21 |
Scott Kitterman |
bug |
|
|
added attachment 'intrepid.debdiff' (Intrepid) |
| 2008-10-15 04:49:20 |
Scott Kitterman |
bug |
|
|
added attachment 'intrepid.debdiff' (Hardy) |
| 2008-10-15 04:50:22 |
Scott Kitterman |
bug |
|
|
added attachment 'gutsy.debdiff' (Gutsy) |
| 2008-10-15 04:51:12 |
Scott Kitterman |
bug |
|
|
added attachment 'feisty.debdiff' (Feisty) |
| 2008-10-15 04:55:11 |
Scott Kitterman |
bug |
|
|
added attachment 'dapper.debdiff' (Dapper) |
| 2008-10-15 04:56:37 |
Scott Kitterman |
libspf2: status |
New |
Triaged |
|
| 2008-10-15 04:56:37 |
Scott Kitterman |
libspf2: importance |
Undecided |
High |
|
| 2008-10-15 04:56:37 |
Scott Kitterman |
libspf2: statusexplanation |
|
|
|
| 2008-10-15 04:56:59 |
Scott Kitterman |
bug |
|
|
added subscriber MOTU SWAT |
| 2008-10-15 05:27:14 |
Kees Cook |
libspf2: status |
Triaged |
In Progress |
|
| 2008-10-15 05:27:14 |
Kees Cook |
libspf2: assignee |
|
kitterman |
|
| 2008-10-15 12:59:54 |
Jamie Strandboge |
who_made_private |
kitterman |
|
|
| 2008-10-15 13:09:37 |
Jamie Strandboge |
libspf2: status |
New |
In Progress |
|
| 2008-10-15 13:09:37 |
Jamie Strandboge |
libspf2: statusexplanation |
|
|
|
| 2008-10-15 13:09:47 |
Jamie Strandboge |
libspf2: status |
New |
In Progress |
|
| 2008-10-15 13:09:47 |
Jamie Strandboge |
libspf2: statusexplanation |
|
|
|
| 2008-10-15 13:10:02 |
Jamie Strandboge |
libspf2: status |
New |
In Progress |
|
| 2008-10-15 13:10:02 |
Jamie Strandboge |
libspf2: statusexplanation |
|
|
|
| 2008-10-15 13:10:15 |
Jamie Strandboge |
libspf2: status |
New |
In Progress |
|
| 2008-10-15 13:10:15 |
Jamie Strandboge |
libspf2: statusexplanation |
|
|
|
| 2008-10-15 13:26:43 |
Jamie Strandboge |
libspf2: status |
In Progress |
Fix Committed |
|
| 2008-10-15 13:26:58 |
Jamie Strandboge |
libspf2: status |
In Progress |
Fix Committed |
|
| 2008-10-15 13:27:10 |
Jamie Strandboge |
libspf2: status |
In Progress |
Fix Committed |
|
| 2008-10-15 13:27:22 |
Jamie Strandboge |
libspf2: status |
In Progress |
Fix Committed |
|
| 2008-10-15 13:35:05 |
Launchpad Janitor |
libspf2: status |
In Progress |
Fix Released |
|
| 2008-10-15 17:06:10 |
Launchpad Janitor |
libspf2: status |
Fix Committed |
Fix Released |
|
| 2008-10-15 17:06:10 |
Launchpad Janitor |
libspf2: status |
Fix Committed |
Fix Released |
|
| 2008-10-15 17:06:10 |
Launchpad Janitor |
libspf2: status |
Fix Committed |
Fix Released |
|
| 2008-10-15 17:39:26 |
Jamie Strandboge |
libspf2: status |
Fix Committed |
Fix Released |
|
| 2009-07-26 12:02:12 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/dapper/libspf2/dapper-security |
|
| 2009-07-26 12:03:14 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/feisty/libspf2/feisty-security |
|
| 2009-07-26 12:03:22 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/gutsy-updates/libspf2 |
|
| 2009-07-26 12:04:11 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/hardy/libspf2/hardy-security |
|
