Discussion:
Bug#698735: CVE-2012-5530
Moritz Muehlenhoff
2013-01-22 21:50:02 UTC
Package: pcp
Severity: important
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5530
for further references.

Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Nathan Scott
2013-01-24 23:40:02 UTC
----- Original Message -----
Post by Moritz Muehlenhoff
> Please see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5530
> for further references.

Thanks Moritz; I will work on the squeeze backport over this weekend.
An upstream update is planned for next week which I'll use to get the
version in unstable updated.

cheers.

--
Nathan
Nathan Scott
2013-01-28 23:50:01 UTC
Hi,

----- Original Message -----
Post by Nathan Scott
> ----- Original Message -----
> Post by Moritz Muehlenhoff
>> Please see
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5530
>> for further references.
> Thanks Moritz; I will work on the squeeze backport over this weekend.
> An upstream update is planned for next week which I'll use to get the
> version in unstable updated.

I've prepared the squeeze backport, and done sanity testing on a
build on my laptop (which is running unstable).

Could someone from the security team help me out with details or
other assistance on a clean squeeze build? I don't have a spare
machine (or much diskspace for new VMs, etc, currently) to do a
local squeeze build.

The updated sources are at: git://oss.sgi.com/pcp/pcp squeeze

Many thanks!

--
Nathan
Nathan Scott
2013-03-20 00:00:01 UTC
Hi all,

This is not getting any traction & in danger of being forgotten -
can anyone help out who knows the security update build process?
The patches have been prepared, tested, and are ready in the git
tree (below) - but I need some help to get it over the line.

thanks!!

----- Original Message -----
Post by Nathan Scott
> ----- Original Message -----
> Post by Nathan Scott
>> ----- Original Message -----
>> Post by Moritz Muehlenhoff
>>> Please see
>>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5530
>>> for further references.
>> Thanks Moritz; I will work on the squeeze backport over this
>> weekend.
>> An upstream update is planned for next week which I'll use to get the
>> version in unstable updated.
> I've prepared the squeeze backport, and done sanity testing on a
> build on my laptop (which is running unstable).
> Could someone from the security team help me out with details or
> other assistance on a clean squeeze build? I don't have a spare
> machine (or much diskspace for new VMs, etc, currently) to do a
> local squeeze build.
> The updated sources are at: git://oss.sgi.com/pcp/pcp squeeze
> Many thanks!
--
Nathan
Salvatore Bonaccorso
2013-04-05 05:20:02 UTC
# fixed in 3.6.10 upstream, first upload to Debian with 3.7.1
Control: fixed -1 3.7.1

Hi Nathan
Post by Nathan Scott
> Hi all,
> This is not getting any traction & in danger of being forgotten -
> can anyone help out who knows the security update build process?
> The patches have been prepared, tested, and are ready in the git
> tree (below) - but I need some help to get it over the line.
> thanks!!

Only an update... In the security-tracker CVE-2012-5530[1] was marked
as no-dsa. This means there will not be a security announce update via
stable-security. But could you prepare a fix for it for Squeeze via a
stable-proposed-updates?

See [2] for further information on that.

[1]: https://security-tracker.debian.org/tracker/CVE-2012-5530
[2]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Does this help?

p.s.: Don't know if it was discussed previously already, with 2.8.0
upload the package is now a Debian native package. See [3]. Was this
intentional? Or would it be possible to convert the package to a
non-native source package?

[3]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#sourcelayout

Thanks for your work done!

Regards,
Salvatore
Nathan Scott
2013-04-07 00:00:01 UTC
Hi,

----- Original Message -----
Post by Salvatore Bonaccorso
> ...
> Only an update... In the security-tracker CVE-2012-5530[1] was marked
> as no-dsa. This means there will not be a security announce update via
> stable-security. But could you prepare a fix for it for Squeeze via a
> stable-proposed-updates?
> See [2] for further information on that.
> [1]: https://security-tracker.debian.org/tracker/CVE-2012-5530
> [2]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
> Does this help?

I'm travelling at the moment with limited net access - will read
through the above in ~1 week and see. Thanks for the pointers!

cheers.

--
Nathan
Nathan Scott
2013-08-07 23:40:02 UTC
Hi guys,

Coming back to this one after quite some time ... (my apologies!)

----- Original Message -----
Post by Salvatore Bonaccorso
> Only an update... In the security-tracker CVE-2012-5530[1] was marked
> as no-dsa. This means there will not be a security announce update via
> stable-security. But could you prepare a fix for it for Squeeze via a
> stable-proposed-updates?

I have finally been able to find resources needed to set up an oldstable
machine to appropriately build and test these changes, and have done so
now.

So, mainly FYI - I'll be following Salvatore's pointer above, and doing
an upload as a proposed update to oldstable to resolve this one (stable
has since become wheezy and it is unaffected).

cheers.

--
Nathan