Adam D. Barratt <adam@adam-barratt.org.uk> (2019-08-05): > On Wed, 2019-07-31 at 11:13 +0100, Simon McVittie wrote: > > GLib in buster is vulnerable to CVE-2019-13012 (configuration files > > and directories created with more open permissions than intended), > > which the security team have indicated is too minor for a DSA. > > <https://bugs.debian.org/931234> > > > > GLib has a udeb, so this technically needs a d-i ack, although I > > can't imagine why d-i would either use GKeyfileSettingsBackend or > > care about the resulting permissions. > > It does seem rather unlikely, but let's do the CC-for-ack dance in any > case. No objections, thanks. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature