Control: tags -1 + confirmed On Mon, 2016-09-12 at 22:32 +0200, Roger Kalt wrote: > Update closes bug https://bugs.debian.org/836505 which allowed to post entry > as > arbitrary username by improper authentication.
+elog (2.9.2+2014.05.11git44800a7-3) jessie; urgency=medium + + * Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as + arbitrary username (Closes: #836505, CVE-2016-6342) The version number should be "2.9.2+2014.05.11git44800a7-2+deb8u1", please. With that change, please go ahead. Regards, Adam
