Bug 242696 (CVE-2008-4552)

Comment 1 Stefan Behte (RETIRED) 2008-10-19 03:34:21 UTC

Seems that 1.0.9 up to 1.1.2 is vulnerable, we should stabilize 1.1.4 and mask the others, I guess.
net-fs, are there reasons why we have only 1.0.12-r1 and 1.1.0-r1 stable?
Is #235462 fixed in 1.1.4?

Comment 2 Robert Buchholz (RETIRED) 2008-10-22 19:30:32 UTC

Mike, would you recommend on stabling 1.1.3 or 1.1.4 for this bug?
For 1.1.4, bug 243066 might need fixing first.

Comment 3 SpanKY 2008-10-26 08:32:13 UTC

1.1.3 should be fine

Comment 4 Robert Buchholz (RETIRED) 2008-10-26 09:13:48 UTC

Arches, please test and mark stable:
=net-fs/nfs-utils-1.1.3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 5 Markus Meier 2008-10-26 18:33:06 UTC

# emerge -1av =net-fs/nfs-utils-1.1.3

These are the packages that would be merged, in order:

Calculating dependencies \
!!! All ebuilds that could satisfy "sys-libs/e2fsprogs-libs" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-libs/e2fsprogs-libs-1.41.3 (masked by: ~x86 keyword)
- sys-libs/e2fsprogs-libs-1.41.2 (masked by: ~x86 keyword)
- sys-libs/e2fsprogs-libs-1.41.1 (masked by: ~x86 keyword)
- sys-libs/e2fsprogs-libs-1.41.0 (masked by: ~x86 keyword)


should we take e2fsprogs-libs-1.41.1 (>30 days in the tree)?

Comment 6 SpanKY 2008-10-26 20:10:51 UTC

i think e2fsprogs-libs have been around long enough to stabilize ... that said, current versions of nfs-utils have an unstated depend on e2fsprogs-libs, so we could in theory just drop the depend in 1.1.3 since it wouldnt be a regression for stable ...

Comment 7 Markus Meier 2008-10-27 20:07:51 UTC

amd64/x86 stable

Comment 8 Markus Rothe (RETIRED) 2008-10-30 17:36:34 UTC

ppc64 stable by ranger

Comment 9 Jeroen Roovers (RETIRED) 2008-10-30 18:41:34 UTC

Stable for HPPA.

Comment 10 Tobias Scherbaum (RETIRED) 2008-11-02 10:10:32 UTC

ppc stable

(In reply to comment #3)
> 1.1.3 should be fine

I am not sure if this should be moved to a new bug, but 1.1.3 seems to break nfsroot under Gentoo. /etc/init.d/root fails to remount root filesystem in read-write mode.
The command is the following : mount / -n -o remount,rw
and the result is : mount.nfs: Invalid argument
Any idea if the parameters somehow changed for 1.1.3 and if the root script needs an update?

Comment 12 Stefan Behte (RETIRED) 2008-11-05 23:25:46 UTC

Maybe related: http://bugs.gentoo.org/show_bug.cgi?id=198601

Comment 13 Raúl Porcel (RETIRED) 2008-11-08 17:16:32 UTC

alpha/ia64 stable

Comment 14 Stefan Behte (RETIRED) 2008-11-30 16:33:55 UTC

sparc: *ping*

Comment 15 Friedrich Oslage (RETIRED) 2008-12-30 20:15:38 UTC

sparc stable

sorry for the delay, had to wait for portage-2.1.6 for e2fsprogs-libs

Comment 16 Tobias Heinlein (RETIRED) 2008-12-31 12:40:17 UTC

Ready for vote, I vote YES.

Comment 17 Stefan Behte (RETIRED) 2009-01-11 18:56:26 UTC

Yes, too. Request filed.

Comment 18 Robert Buchholz (RETIRED) 2009-03-07 16:25:30 UTC

GLSA 200903-06