Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
Hi Steve,
* Steve Kemp <skx@debian.org> [2007-12-07 20:26]:
> On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
> > What about those, are they unimportant?
> > They are still present in the etch code. I stumbled
> > upon them while preparing a testing-security upload.
>
> Unknown. I used the patch provided by Theodore Tso, which he
> is/was planning on using for Sid/Ubuntu.
>
> If there are missing bits then we'll need to reissue the update,
> but right now I believed the patch was as complete as it needed
> to be.
[...]
I asked Ted about this; I just quote what he wrote:
"I don't consider that to be a high
priority issue, since it's not likely that an attacker would
be able to trick an administrator to run resize2fs on some random
filesystem image while running as root."
So decide on your own if this warrants an update of the DSA;
he will include this in 1.40.4.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion(at)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Received on Fri Dec 14 12:10:48 2007