[OpenAFS] Re: GiveUpAllCallBacks callers

Andrew Deason adeason@sinenomine.net
Mon, 13 Dec 2010 15:18:25 -0600


On Mon, 13 Dec 2010 15:51:21 -0500
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:

> 3. A security advisory was published on 20-Dec-2007
>    http://www.openafs.org/pages/security/OPENAFS-SA-2007-003.txt
>    The affected servers are versions:
> 
>    OpenAFS 1.3.50 - 1.4.5, OpenAFS 1.5.0 - 1.5.27

And if anyone reading this is running fileservers in this range, please
say something!

Speaking only for myself personally, I support the change that Derrick
mentions and am not going to expend much effort in mitigating fallout,
but part of the reason is that I'm not aware of any publicly-accessible
fileservers running the affected versions. If there is anyone reading
this that is running these fileserver versions and somehow has a good
reason to not upgrade, that might change my opinion, so please speak up.

-- 
Andrew Deason
adeason@sinenomine.net