Ubuntu
openafs package

  1. Bug #723121
  2. Comment #5

Comment 5 for bug 723121

Revision history for this message
Christian Biamont (christianbiamont) wrote :

Merge from debian package.
    - CVE-2011-0430: update ticket5 from heimdal. Avoids a double-free which
    basically allows an arbitrary attack against any krb5-aware Rx service by
    exploiting when the double-free occurs in asn1 payloads which came from the wire.
    - CVE-2011-0431: Use correct type of error in flock code.

Got the diff originally from Debian. I've compared the diffs of "openafs_1.4.12.1+dfsg-4.diff.gz" and "openafs_1.4.12.1+dfsg-3.diff.gz".

Tried to manually patch "openafs-1.4.12+dfsg"-source with the patch and all changes were applied successfully.
Tried to build .deb package with pbuilder and it was built without problems.
No testing other than to build the package has been performed.

This debdiff takes the CVE-related changes from debian package "openafs_1.4.12.1+dfsg-4" and applies to Ubuntu's "openafs-1.4.12+dfsg".

One note: I did not succeed to set "XSBC-Original-Maintainer"-field in debian/control. I left the maintainer field untouched. Hope this is ok with you.
---
Christian