Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2

To: Roger Kalt <roger.kalt@gmail.com>, 837607@bugs.debian.org
Subject: Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 17 Sep 2016 22:23:06 +0100
Message-id: <[🔎] 1474147386.2011.135.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 837607@bugs.debian.org
In-reply-to: <[🔎] 20160912203246.6075.5817.reportbug@x200.kalt>
References: <[🔎] 20160912203246.6075.5817.reportbug@x200.kalt>

Control: tags -1 + confirmed

On Mon, 2016-09-12 at 22:32 +0200, Roger Kalt wrote:
> Update closes bug https://bugs.debian.org/836505 which allowed to post entry as
> arbitrary username by improper authentication.

+elog (2.9.2+2014.05.11git44800a7-3) jessie; urgency=medium
+
+  * Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
+    arbitrary username (Closes: #836505, CVE-2016-6342)

The version number should be "2.9.2+2014.05.11git44800a7-2+deb8u1",
please. With that change, please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
  - From: Roger Kalt <roger.kalt@gmail.com>

References:
- Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
  - From: Roger Kalt <roger.kalt@gmail.com>

Prev by Date: Processed: Re: Bug#837575: jessie-pu: package suckless-tools/40-1+deb8u1
Next by Date: Processed: Re: Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
Previous by thread: Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
Next by thread: Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
Index(es):
- Date
- Thread