From a492dbe92f9c312d4e123fdf19578be17ae3e741 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 6 Apr 2009 15:55:49 -0700 Subject: [PATCH] Add security advisories and CVEs and a NEWS entry --- debian/changelog | 13 +++++++------ debian/openafs-client.NEWS | 11 +++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index c7701a130..4389f9e61 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,12 +1,13 @@ -openafs (1.4.2-6etch2) UNRELEASED; urgency=high +openafs (1.4.2-6etch2) oldstable-security; urgency=high * Apply upstream security patches from 1.4.9: - - Avoid a potential kernel memory overrun if more items than requested - are returned from an InlineBulk or BulkStatus message. - - Avoid converting negative errors into invalid kernel memory - pointers. + - OPENAFS-SA-2009-001: Avoid a potential kernel memory overrun if more + items than requested are returned from an InlineBulk or BulkStatus + message. (CVE-2009-1251) + - OPENAFS-SA-2009-002: Avoid converting negative errors into invalid + kernel memory pointers. (CVE-2009-1250) - -- Russ Allbery Thu, 02 Apr 2009 20:59:28 -0700 + -- Russ Allbery Mon, 06 Apr 2009 15:55:24 -0700 openafs (1.4.2-6etch1) stable-security; urgency=high diff --git a/debian/openafs-client.NEWS b/debian/openafs-client.NEWS index a78507f7a..d95bd602a 100644 --- a/debian/openafs-client.NEWS +++ b/debian/openafs-client.NEWS @@ -1,3 +1,14 @@ +openafs (1.4.10+dfsg1-1) unstable; urgency=high + + This release of OpenAFS contains security fixes in the kernel module. + Be sure to also upgrade openafs-modules-source, build a new kernel + module for your system following the instructions in + /usr/share/doc/openafs-client/README.modules.gz, and then either stop + and restart openafs-client or reboot the system to reload the kernel + module. + + -- Russ Allbery Mon, 06 Apr 2009 15:51:14 -0700 + openafs (1.4.2-6) unstable; urgency=medium As of this release of the OpenAFS kernel module, all cells, including -- 2.39.5