Am Sun, Jan 10, 2021 at 12:34:35AM +0100 schrieb Moritz Mühlenhoff: > Am Tue, Oct 27, 2020 at 08:53:28PM +0100 schrieb Salvatore Bonaccorso: > > Source: openrc > > Version: 0.42-1 > > Severity: important > > Tags: security upstream > > Forwarded: https://github.com/OpenRC/openrc/issues/201 > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > <t...@security.debian.org> > > Control: found -1 0.40.3-1 > > > > > > CVE-2018-21269[0]: > > | checkpath in OpenRC through 0.42.1 might allow local users to take > > | ownership of arbitrary files because a non-terminal path component can > > | be a symlink. > > This got fixed in > https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335
*ping*, can we get that fixed in bullseye? Cheers, Moritz