Advice on tracking a vulnerability
Hi,
when setting up a debci network, I noticed that the binaries from the
amqp-tools package expose credentials in the process list.
This had already been reported upstream [1]. I filed #1037322 [2] to
track the issue within the BTS, with tag "security".
However, I cannot see the bug in the security tracker. I guess I'm
assuming too much behind the security tag?
Anyhoo, my patch to fix this got merged upstream and I'll update
#1037322 accordingly, but I'm unclear as to if/how this should be
tracked/reported, and consequently if/how this should be fixed in stable
and older.
Advice would be very much appreciated.
Best,
Christian
[1] https://github.com/alanxz/rabbitmq-c/issues/575
[2] https://bugs.debian.org/1037322
Reply to: