Univention Bugzilla – Bug 46158
rpcbind: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:56 CEST
rpcbind (0.2.1-6+deb8u2) jessie-security; urgency=medium CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
Mass-import from Debian-Security: python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553 YAML: git:bd6159834a..449aa5a7cf
Must be released with or after Bug #46158: > The following packages have unmet dependencies: > rpcbind : Depends: libtirpc1 (>= 0.2.5-1+deb8u1) but it is not going to be installed 3b53be9028 Bug #46158: rpcbind 0.2.1-6+deb8u2
--- mirror/ftp/4.2/unmaintained/4.2-0/source/rpcbind_0.2.1-6+deb8u1A~4.2.0.201702281317.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/rpcbind_0.2.1-6+deb8u2A~4.2.3.201801251012.dsc @@ -1,7 +1,11 @@ -0.2.1-6+deb8u1A~4.2.0.201702281317 [Tue, 28 Feb 2017 13:17:58 +0100] Univention builddaemon <buildd@univention.de>: +0.2.1-6+deb8u2A~4.2.3.201801251012 [Thu, 25 Jan 2018 10:12:58 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-version-check-ucs420 + +0.2.1-6+deb8u2 [Thu, 04 May 2017 19:37:10 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2017-8779 0.2.1-6+deb8u1 [Fri, 18 Sep 2015 18:45:15 +0200] Salvatore Bonaccorso <carnil@debian.org>:
* All UCS specific patches applied during rebuilt: 4.2-0-0-ucs/0.2.1-6+deb8u2-errata4.2-3/0001-version-check-ucs420.patch * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok (also references Bug #44674)
<http://errata.software-univention.de/ucs/4.2/396.html>