608446 – (CVE-2016-9772) <net-fs/openafs{,-kernel}-1.6.20.1: file and directory names leak information

Bug 608446 (CVE-2016-9772) - <net-fs/openafs{,-kernel}-1.6.20.1: file and directory names leak information

Summary: <net-fs/openafs{,-kernel}-1.6.20.1: file and directory names leak information

Status:	RESOLVED FIXED

Alias:	CVE-2016-9772

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-02-06 15:47 UTC by Adrian
Modified:	2017-06-06 12:07 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	=net-fs/openafs-1.6.20.1 =net-fs/openafs-kernel-1.6.20.1
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adrian 2017-02-06 15:47:45 UTC

http://www.openafs.org/pages/main.html

Most importantly, this would add support for 4.9 kernels.

Comment 1 Brian Evans (RETIRED) gentoo-dev

2017-02-07 20:34:45 UTC

In addition, this is a security release..
from https://www.openafs.org/dl/openafs/1.6.20/RELNOTES-1.6.20
                       User-Visible OpenAFS Changes
OpenAFS 1.6.20 (Security Release)

  All platforms

    * Fix for OPENAFS-SA-2016-003: file and directory names leak due to
      reuse of directory objects without zeroing the contents
      (12461 12462 12463 12464 12465)

Comment 2 Adam Feldman gentoo-dev

2017-02-08 17:41:52 UTC

commit 715a23f1ed89c85642d3f0bd59680a1d360999e7
Author: NP-Hardass <NP-Hardass@gentoo.org>
Date:   Wed Feb 8 12:37:44 2017 -0500

    net-fs/openafs: Version bump to 1.6.20.1, #608446
    
    Package-Manager: portage-2.3.0

commit 7a709b7a02de59dd6f33d90559c4e9bf2409f120
Author: NP-Hardass <NP-Hardass@gentoo.org>
Date:   Tue Feb 7 21:24:44 2017 -0500

    net-fs/openafs-kernel: Bump to 1.6.20.1, supports up to kernel 4.9, #608446
    
    Package-Manager: portage-2.3.0


Will update in a day or two with a stable req if no bugs pop up.

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2017-02-13 01:43:28 UTC

(In reply to NP-Hardass from comment #2)
> Will update in a day or two with a stable req if no bugs pop up.

Now ready to start stabilization?

Comment 4 Yury German Gentoo Infrastructure

2017-04-30 17:11:07 UTC

Ping!!!!

Comment 5 Andrew Savchenko gentoo-dev

2017-04-30 21:34:26 UTC

Pong!!! :)

Arch teams, please stabilise provided packages.

Comment 6 Agostino Sarubbo gentoo-dev

2017-05-01 13:37:21 UTC

amd64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2017-05-04 15:55:39 UTC

x86 stable

Comment 8 Yury German Gentoo Infrastructure

2017-05-09 06:21:00 UTC

GLSA Vote: No

sparc please stabilize or move package to ~sparc

Comment 9 Agostino Sarubbo gentoo-dev

2017-05-12 14:55:34 UTC

sparc stable.

Maintainer(s), please cleanup.

Comment 10 Andrew Savchenko gentoo-dev

2017-05-13 10:06:01 UTC

Cleanup completed.

Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-06 12:07:24 UTC

All done.