[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Jon Trulson
jon at radscan.com
Mon Oct 7 11:00:08 MDT 2013
On Mon, 7 Oct 2013, Erik Auerswald wrote:
> Hi,
>
> On Thu, Aug 15, 2013 at 02:11:17PM -0400, Paul Fox wrote:
>> jon wrote:
>> > On Thu, 15 Aug 2013, Hamid Zamani wrote:
>> >> On 08/15/2013 07:22 AM, Jon Trulson wrote:
>> >>> On Thu, 15 Aug 2013, Erik Auerswald wrote:
>> >>>> On 08/13/2013 11:38 PM, Jon Trulson wrote:
>> >>>>> [...]
>> >>>>> This looks fine.
>> >>>>
>> >>>> I have just committed the patch to svn.
>> >>>>
>> >>>> @Hamid Zamani: Please check if all vulnerabilities you reported are
>> >>>> actually fixed.
>> >>>>
>> >>>> @Jon: Would you like to prepare a maintenance release of NAS?
>> >>>
>> >>> Sure - maybe this weekend? I want to at least wait till Hamid has
>> >>> checked them. Thanks for the patches Erik!
>> >>
>> >> There are some issues about clients, can we fix them before maintenance
>> >> release ? or later ?
>> >
>> > There's no urgency - we can wait till all the issues are settled.
>>
>> i dunno. i'd think all the minix and amoeba os users would be pretty
>> impatient for these fixes!! :-)
>
> There are CVE numbers[1] allocated for these issues, Ubuntu has
> released fixed packages, and fixed packages are in Debian Testing and
> Unstable, but no official NAS release.
>
> I have heard nothing substantial regarding client issues yet, so I'd
> suggest making a release of the current code. WDYT?
>
> [1] CVE-2013-4256
> CVE-2013-4257
> CVE-2013-4258
>
Agreed -- I was awaiting client issues as well, but I think we've
waited long enough :) I will prepare a release for today/tonight.
Then I will begin looking at conversion from svn to git.
--
Jon Trulson
"I am become Grey. I stand between the Darkness, and the Light.
Between the Candle, and the Star."
- Delen