On Wed, Jul 08, 2020 at 09:07:25AM +0100, Jeremy Sowden wrote:
...
> The new upstream release added extra checks to ensure that the object at
> the end of the path is a device file of the right sort before opening
> it:
...
> However, the error messages still leak information, allowing the user to
> test for the existence of arbitrary files:
...
> The patch changes the error messages to prevent this:
...
Oh, I think I understand now. So I reckon with the extra patch this CVE
is fixed.
I'm going to upload this soon :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me: https://mapreri.org                              : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
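
An added illustration of the error-message issue quoted in this thread, not the patch itself or code from the package: the same path check with cause-specific messages and with one fixed message. The function names are hypothetical, and "character device" is an assumed stand-in for "a device file of the right sort".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper names; "character device" stands in for
 * "a device file of the right sort" (an assumption, the thread does not say). */

/* Leaky form: the text depends on why the path was rejected, so an
 * unprivileged caller can tell "absent" from "present but not a device". */
const char *check_device_leaky(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return strerror(errno);   /* "No such file or directory", ... */
    if (!S_ISCHR(st.st_mode))
        return "not a character device";
    return NULL;                  /* acceptable */
}

/* Uniform form: same checks, one fixed message for every rejection.
 * The process exit status must be equally uniform, or it becomes the oracle. */
const char *check_device_uniform(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return "cannot use the specified device";
    return NULL;
}

int main(int argc, char **argv)
{
    /* Constructed default inputs: an absent path, an existing non-device, a device. */
    const char *defaults[] = { "/constructed/absent/path", "/", "/dev/null" };
    const char **paths = argc > 1 ? (const char **)(argv + 1) : defaults;
    int n = argc > 1 ? argc - 1 : 3;

    for (int i = 0; i < n; i++) {
        const char *a = check_device_leaky(paths[i]);
        const char *b = check_device_uniform(paths[i]);
        printf("%-26s leaky: %-28s uniform: %s\n", paths[i],
               a ? a : "ok", b ? b : "ok");
    }
    return 0;
}
```

With the leaky form the first two default paths produce different messages; with the uniform form they are indistinguishable.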