[Secure-testing-team] CVE-2007-5740: Security Bug in Perdition
Simon Horman
horms at verge.net.au
Thu Nov 1 09:45:03 UTC 2007
On Thu, Nov 01, 2007 at 06:56:33PM +1100, Steffen Joeris wrote:
> Hi Simon
>
> On Thu, 1 Nov 2007 05:35:36 pm Simon Horman wrote:
> > I wish to advise that a security vulnerability has been found in
> > perdition which may lead to an attacker being able to execute arbitrary
> > code on the machine running perdition without the need for
> > authentication.
> Thank you very much for the information and the great cooperation.
>
> > The bug will be henceforth tracked as CVE-2007-5740
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5740
> As soon as the CVE shows up in the tracker and on the mitre page, I will mark
> it as fixed in sid accordingly.
>
> Do you expect any problems with the migration from unstable to testing? The
> last uploads show that the package migrated after the quarantine time
> according to the urgency. Therefore, I suspect that the package should
> migrate after two days (assuming that all the buildds pick it up). Thus,
> there should be no need for a DTSA. I will inform you though, if that should
> change and then give you a go for an upload, if migration does not happen
> soonish.

Hi Steffen,

thanks for getting back to me.

I don't expect any problems with the migration, as the change is quite
minor and it already seems to have built successfully on many
architectures. I guess the only problem might be some dependency-related
blockage. We should know soon.

Just for the record, the 1.17-8+lenny1 packages I prepared and 1.17.1-1
are very nearly the same thing.

--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/