[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#913801: stretch-pu: package mistral/3.0.0-4 CVE-2018-16849: std.ssh action may disclose presence of arbitrary files

Control: tag -1 confirmed

On Thu, Nov 15, 2018 at 02:07:01PM +0100, Thomas Goirand wrote:
> diff --git a/debian/changelog b/debian/changelog
> index b2ce8602..06234034 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,11 @@
> +mistral (3.0.0-4+deb9u1) stretch-security; urgency=medium

Remove the -security bit.

> +
> +  * CVE-2018-16849: std.ssh action may disclose presence of arbitrary files,
> +    applied upstream patch: remove extra information from std.ssh action.
> +    (Closes: #912714).
> +
> + -- Thomas Goirand <zigo@debian.org>  Mon, 05 Nov 2018 14:38:44 +0100
> +
>  mistral (3.0.0-4) unstable; urgency=medium
>  
>    * Add allow-sqla-1.1.patch to allow SQLA transition.

Other than that, looks ok to upload.

Cheers,
Julien
Reply to: