
Advice on tracking a vulnerability



Hi,

when setting up a debci network, I noticed that the binaries from the
amqp-tools package expose credentials in the process list.

This had already been reported upstream [1]. I filed #1037322 [2] to
track the issue within the BTS, with tag "security".

However, I cannot see the bug in the security tracker. I guess I'm
assuming too much behind the security tag?

Anyhoo, my patch to fix this got merged upstream and I'll update
#1037322 accordingly, but I'm unclear as to if/how this should be
tracked/reported, and consequently if/how this should be fixed in stable
and older.

Advice would be very much appreciated.

Best,
Christian

[1] https://github.com/alanxz/rabbitmq-c/issues/575

[2] https://bugs.debian.org/1037322

