Hi Michael, On Sun, Jul 03, 2016 at 01:15:15PM +0000, Debian Bug Tracking System wrote: > After further consideration, I'm going to close this bug report. > The offending tmpfiles snippet was removed in 215, so we don't really > need the fixup from v229. > > Moritz, can you mark the issue accordingly in the security tracker?
I though think we are mixing two CVEs here. The commit you references for 214 was assigned a different CVE: Cf. CVE-2014-9770 vs. CVE-2015-8842. But I have added a note additionally to the no-dsa that it does not affect jessie installations in practice to the security-tracker notes. Review welcome :-) For referene the two CVE (which though are related): https://security-tracker.debian.org/CVE-2014-9770 https://security-tracker.debian.org/CVE-2015-8842 It's a bit complex how MITRE has assigned the CVEs to the SuSE request possibly. But the commits referenced for the two should reflect the original assingment at https://marc.info/?l=oss-security&m=146031729006090&w=2 Regards, Salvatore
