Bug#913801: stretch-pu: package mistral/3.0.0-4 CVE-2018-16849: std.ssh action may disclose presence of arbitrary files
Control: tag -1 confirmed
On Thu, Nov 15, 2018 at 02:07:01PM +0100, Thomas Goirand wrote:
> diff --git a/debian/changelog b/debian/changelog
> index b2ce8602..06234034 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,11 @@
> +mistral (3.0.0-4+deb9u1) stretch-security; urgency=medium
Remove the -security bit.
> +
> + * CVE-2018-16849: std.ssh action may disclose presence of arbitrary files,
> + applied upstream patch: remove extra information from std.ssh action.
> + (Closes: #912714).
> +
> + -- Thomas Goirand <zigo@debian.org> Mon, 05 Nov 2018 14:38:44 +0100
> +
> mistral (3.0.0-4) unstable; urgency=medium
>
> * Add allow-sqla-1.1.patch to allow SQLA transition.
Other than that, looks ok to upload.
Cheers,
Julien
Reply to: