[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#929042: singularity-container: CVE-2019-11328)

Hi Afif,

On Thu, May 16, 2019 at 12:59:55PM -0400, Afif Elghraoui wrote:
> 
> 
> On May 15, 2019 5:13:24 PM EDT, Salvatore Bonaccorso <carnil@debian.org> wrote:
> >Hi Afif,
> >
> >On Wed, May 15, 2019 at 10:57:49PM +0200, Salvatore Bonaccorso wrote:
> >> Then there is nothing further to be done.
> >
> >Oh, actually there is an open point: Is it confirmed that 3.0.3 is not
> >affected by the CVE? Did you got any information why this is only
> >introduced in 3.1.0?
> >
> 
> Ok, I asked upstream and the answer is that the commit that
> introduced the bug came after 3.0.3.

Thanks a lot for confirming!

This post to oss-security confirms it: https://www.openwall.com/lists/oss-security/2019/05/16/1

The security-tracker now will mark as well the buster version then as
not-affected.

Thanks for your work!

Regards,
Salvatore
Reply to: