Hey, Marc, Pekka & everyone, Do you think if we reissued this under the new bug number (RH Bugzilla # 152794), it might see some action? It took me awhile looking through my mail archives to find this test up- date notification. It may be that simply no one uses this package? I know I don't and wouldn't know how to test it. -David On Wed, 9 Feb 2005, Marc Deslauriers wrote: > --------------------------------------------------------------------- > Fedora Legacy Test Update Notification > FEDORALEGACY-2005-2116 > Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2116 > 2005-02-09 > --------------------------------------------------------------------- > > Name : rp-pppoe > 7.3 Version : rp-pppoe-3.3-10.legacy > 9 Version : rp-pppoe-3.5-2.2.legacy > fc1 Version : rp-pppoe-3.5-8.2.legacy > Summary : A PPP over Ethernet client (for xDSL support). > Description : > PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by > many ADSL Internet Service Providers. This package contains the > Roaring Penguin PPPoE client, a user-mode program that does not > require any kernel modifications. It is fully compliant with RFC 2516, > the official PPPoE specification. > > --------------------------------------------------------------------- > Update Information: > > An updated rp-pppoe package that fixes a security vulnerability is now > available. > > The rp-pppoe package is a PPP over Ethernet client (for xDSL support). > > Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet > driver from Roaring Penguin. When the program is running setuid root > (which is not the case in a default Red Hat Linux or Fedora Core > installation), an attacker could overwrite any file on the file system. > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CAN-2004-0564 to this issue. > > All users of rp-pppoe should upgrade to this updated package, which > resolves this issue. > > --------------------------------------------------------------------- > Changelogs: > > rh73: > * Sat Feb 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> > 3.3.8-10.legacy > - added missing autoconf to BuildRequires > > * Sat Oct 09 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> > 3.3.8-9.legacy > - added better patch for CAN-2004-0564 > > * Thu Oct 07 2004 Simon Weller <simon@xxxxxxxxxxxxxxx> 3.3.8-7.x.legacy > - added patch for CAN-2004-0564, setuid root file overwriting issue > > rh9: > * Sat Feb 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> > 3.5-2.2.legacy > - added missing autoconf to BuildRequires > > * Sat Oct 09 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> > 3.5-2.1.legacy > - add rp-pppoe-3.5-CAN-2004-0564.patch > > fc1: > * Sat Feb 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> > 3.5-8.2.legacy > - added missing autoconf to BuildRequires > > * Thu Oct 07 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 3.5-8.1.legacy > - add rp-pppoe-3.5-CAN-2004-0564.patch > > --------------------------------------------------------------------- > This update can be downloaded from: > http://download.fedoralegacy.org/ > (sha1sums) > > 3f7646466059606af82392573647db2757a07184 > redhat/7.3/updates-testing/i386/rp-pppoe-3.3-10.legacy.i386.rpm > 0c9fdb6d3ad087cdedef83dc564ae1b21d8f5bab > redhat/7.3/updates-testing/SRPMS/rp-pppoe-3.3-10.legacy.src.rpm > dda91513cd724e0175550465b19c8fab00876f9a > redhat/9/updates-testing/i386/rp-pppoe-3.5-2.2.legacy.i386.rpm > a5806f7bbcb5cd62f33a9b36904d08548da976b8 > redhat/9/updates-testing/SRPMS/rp-pppoe-3.5-2.2.legacy.src.rpm > 8f808a8239aeebf880c9b9b894531dd26db849a9 > fedora/1/updates-testing/i386/rp-pppoe-3.5-8.2.legacy.i386.rpm > ef55f4b9380d5551129f806ae76ba548bfb7bdb4 > fedora/1/updates-testing/SRPMS/rp-pppoe-3.5-8.2.legacy.src.rpm > > --------------------------------------------------------------------- > > Please test and comment in bugzilla. -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
