[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2



Control: tags -1 + confirmed

On Mon, 2016-09-12 at 22:32 +0200, Roger Kalt wrote:
> Update closes bug https://bugs.debian.org/836505 which allowed to post entry as
> arbitrary username by improper authentication.

+elog (2.9.2+2014.05.11git44800a7-3) jessie; urgency=medium
+
+  * Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
+    arbitrary username (Closes: #836505, CVE-2016-6342)

The version number should be "2.9.2+2014.05.11git44800a7-2+deb8u1",
please. With that change, please go ahead.

Regards,

Adam


Reply to: