Re: network-manager: CVE-2016-0764
On 17/06/17 16:04, Michael Biebl wrote:
> On Thu, 7 Apr 2016 19:43:36 +0200 Salvatore Bonaccorso
> <carnil@debian.org> wrote:
>> Source: network-manager
>> Version: 0.9.4.0-10
>> Conrol: fixed -1 1.1.91-1
>>
>> Hi,
>>
>> On Wed, Apr 06, 2016 at 11:25:58PM +0200, Michael Biebl wrote:
>>> Hi Moritz,
>>>
>>> Am 06.04.2016 um 22:08 schrieb Moritz Muehlenhoff:
>>>> Hi Michael,
>>>> there's CVE-2016-0764 for network-manager:
>>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f (1.2-beta2)
>>>>
>>>> It's also fixed in 1.0.12:
>>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.12
>>>>
>>>> This doesn't warrant a DSA, but you can fix it through a jessie
>>>> point update.
>>>
>>> Could you turn this into a bug report please, otherwise I'll most
>>> certainly forget.
>>
>> Forwarding this to the BTS.
> 
> With stretch being released any moment now, this will have to be handled
> as a debian-lts / oldstable upload.
> 
> CCing the debian-lts mailing list, in case they want to make an upload
> for this issue (it's not DSA tracked)
jessie is not handled by the LTS team yet. Besides it's still open, you can do a
jessie-pu upload.
Cheers,
Emilio
Reply to: