[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Erik Auerswald
auerswal at unix-ag.uni-kl.de
Mon Oct 7 08:04:12 MDT 2013
Hi,
On Thu, Aug 15, 2013 at 02:11:17PM -0400, Paul Fox wrote:
> jon wrote:
> > On Thu, 15 Aug 2013, Hamid Zamani wrote:
> > > On 08/15/2013 07:22 AM, Jon Trulson wrote:
> > >> On Thu, 15 Aug 2013, Erik Auerswald wrote:
> > >>> On 08/13/2013 11:38 PM, Jon Trulson wrote:
> > >>>> [...]
> > >>>> This looks fine.
> > >>>
> > >>> I have just committed the patch to svn.
> > >>>
> > >>> @Hamid Zamani: Please check if all vulnerabilities you reported are
> > >>> actually fixed.
> > >>>
> > >>> @Jon: Would you like to prepare a maintenance release of NAS?
> > >>
> > >> Sure - maybe this weekend? I want to at least wait till Hamid has
> > >> checked them. Thanks for the patches Erik!
> > >
> > > There are some issues about clients, can we fix them before maintenance
> > > release ? or later ?
> >
> > There's no urgency - we can wait till all the issues are settled.
>
> i dunno. i'd think all the minix and amoeba os users would be pretty
> impatient for these fixes!! :-)
There are CVE numbers[1] allocated for these issues, Ubuntu has
released fixed packages, and fixed packages are in Debian Testing and
Unstable, but no official NAS release.
I have heard nothing substantial regarding client issues yet, so I'd
suggest making a release of the current code. WDYT?
[1] CVE-2013-4256
CVE-2013-4257
CVE-2013-4258
Regards,
Erik
--
It gave some error message, or something.
-- Agustín Cernuda del Río
More information about the nas
mailing list