Bug#969349: buster-pu: package chrony/3.4-4+deb10u1

To: Vincent Blut <vincent.debian@free.fr>, 969349@bugs.debian.org
Subject: Bug#969349: buster-pu: package chrony/3.4-4+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 17 Sep 2020 20:19:45 +0100
Message-id: <[🔎] 8d7a491a292a54c7525919494b802e24c9211e64.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 969349@bugs.debian.org
In-reply-to: <[🔎] 20200916125428.GC2347@lamella>
References: <159890249516.2578.1341439855635979827.reportbug@lamella> <159890249516.2578.1341439855635979827.reportbug@lamella> <[🔎] 20200916125428.GC2347@lamella> <159890249516.2578.1341439855635979827.reportbug@lamella>

Control: tags -1 + confirmed

On Wed, 2020-09-16 at 14:54 +0200, Vincent Blut wrote:
> Hi,
> 
> On 2020-08-31T21:34+0200, Vincent Blut wrote:
[...]
> > chrony versions prior to 3.5.1 are vulnerable to a symlink race
> > when creating the PID file. CVE-2020-14367 has been assigned to
> > this vulnerability.
[...]
> In the meantime, Matt Corallo encountered a limitation in our
> AppArmor profile, which prevents the use of the “tempcomp” directive
> (#970421).
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#969349: buster-pu: package chrony/3.4-4+deb10u1
  - From: Vincent Blut <vincent.debian@free.fr>

Prev by Date: Processed: Re: Bug#969349: buster-pu: package chrony/3.4-4+deb10u1
Next by Date: Bug#970349: buster-pu: package icinga2/2.10.3-2+deb10u1
Previous by thread: Bug#969349: buster-pu: package chrony/3.4-4+deb10u1
Next by thread: Processed: Re: Bug#969349: buster-pu: package chrony/3.4-4+deb10u1
Index(es):
- Date
- Thread