Bug#1001849: Acknowledgement (bullseye-pu: package glewlwyd/2.5.2-2+deb11u1)

[Salvatore Bonaccorso <carnil@debian.org>]

Hi,

On Sat, Dec 18, 2021 at 10:03:51AM +0100, Salvatore Bonaccorso wrote:
> Hi Nicolas,
> 
> On Fri, Dec 17, 2021 at 08:25:38PM -0500, Nicolas Mora wrote:
> > See attached debdiff
> 
> > diff -Nru glewlwyd-2.5.2/debian/changelog glewlwyd-2.5.2/debian/changelog
> > --- glewlwyd-2.5.2/debian/changelog	2021-09-22 08:42:59.000000000 -0400
> > +++ glewlwyd-2.5.2/debian/changelog	2021-12-17 07:51:46.000000000 -0500
> > @@ -1,3 +1,9 @@
> > +glewlwyd (2.5.2-2+deb11u2) bullseye; urgency=medium
> > +
> > +  * d/patches: Fix possible privilege escalation (Closes: #1001849)
> 
> This should ot close the release.d.o filled bug, but the bug in the
> BTS associates with glewlwyd if one exists. Related question: is there
> a CVE and details on the issue?

Answering the last question to myself: As you stated the CVE was
requested :)

Regards,
Salvatore