Bug#613312: kfreebsd: denial-of-service
On Mon, Feb 14, 2011 at 08:15:43AM +0100, Petr Salinger wrote:
> forcemerge 613312 611476
> --
>> a denial-of-service has been posted for freebsd [0]. i don't have time
>> to verify whether any of the claims actually affect debian. please
>> check the kfreebsd package.
>>
>> [0] http://www.exploit-db.com/exploits/16064/
>
> It affects us, we already care about it in #611476.
> The tested patch is scheduled (not-yet-uploaded) in our squeeze branch
>
> http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/
>
> http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/debian/patches/000_tcp_usrreq.diff
>
> Please decide, whether fix should go via security.d.o or can wait for point update.
A point update is sufficient. IIRC FreeBSD itself doesn't treat local
denial of service as security issues.
Cheers,
Moritz
Reply to: