[Secure-testing-team] Security update for fuse
Roger Leigh
rleigh at whinlatter.ukfsn.org
Sat Jun 4 14:51:50 UTC 2005
Bartosz Fenski aka fEnIo <fenio at debian.org> writes:
> On Sat, Jun 04, 2005 at 12:26:15PM +0100, Roger Leigh wrote:
>> >> There's a serious vulnerability in fuse; see bug #311634.
>> >> This does not yet have a CVE ref, but I found
>> >> http://secunia.com/advisories/15561/
>> >>
>> >> I've prepared updates for both sid and sarge:
>> >> http://people.debian.org/~rleigh/fuse/sarge-security/
>> >>
>> >> Due to the release being so close, I haven't uploaded either of these.
>> >> I'm not a security expert, so thought you might be better reviewing
>> >> them first, in case I've missed something.
>> >
>> > FWIW, the patch is identical to the one posted to linux-kernel by
>> > Miklos Szeredi, the official fuse kernel maintainer, so it seems
>> > safe.
>>
>> Thanks. Just to double check, which distribution do I put in the
>> changelog, and which upload queue do I use? aba said to use
>> sarge-security, but elsewhere I read to use testing-security, so I'd
>> just like to be 100% sure.
>
> I also have prepared fixed packages and I also not sure where to upload
> them. I wrote to security team two days ago about it and I haven't received
> any answer yet.
Properly built (with source) packages are here:
http://people.debian.org/~rleigh/fuse/
These are ready to upload if you want.
Regards,
Roger
--
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
More information about the Secure-testing-team
mailing list