[Secure-testing-team] Security update for fuse
Roger Leigh
rleigh at whinlatter.ukfsn.org
Sat Jun 4 11:26:15 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Moritz Muehlenhoff <jmm at inutil.org> writes:
> Roger Leigh wrote:
>> There's a serious vulnerability in fuse; see bug #311634.
>> This does not yet have a CVE ref, but I found
>> http://secunia.com/advisories/15561/
>>
>> I've prepared updates for both sid and sarge:
>> http://people.debian.org/~rleigh/fuse/sarge-security/
>>
>> Due to the release being so close, I haven't uploaded either of these.
>> I'm not a security expert, so thought you might be better reviewing
>> them first, in case I've missed something.
>
> FWIW, the patch is identical to the one posted to linux-kernel by
> Miklos Szeredi, the official fuse kernel maintainer, so it seems
> safe.
Thanks. Just to double check, which distribution do I put in the
changelog, and which upload queue do I use? aba said to use
sarge-security, but elsewhere I read to use testing-security, so I'd
just like to be 100% sure.
Thanks again,
Roger
- --
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD8DBQFCoY/UVcFcaSW/uEgRApVeAJ952i8A00jHfn5M+KELcVfn1tJh1QCcD17w
1FZQKQpN6sgFydf4QsofqI8=
=LJzA
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list