Your message dated Sun, 10 Feb 2019 17:25:15 +0000
with message-id <[email protected]>
and subject line done
has caused the Debian Bug report #850320,
regarding mock: CVE-2016-6299: privilige escalation via mock-scm
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
850320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mock
Version: 1.3.2-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Hi,
the following vulnerability was published for mock. I'm not too
familiar with it, but following the code and the applied upstream
commit 1.3.2-1 should be vulnerable.
CVE-2016-6299[0]:
privilige escalation via mock-scm
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6299
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1375490
[2]
https://github.com/rpm-software-management/mock/commit/8b02f43beadacf6911200b48d94e39e891a41da9
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
version: 1.3.2-1
long fixed, just never marked as done.
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
--- End Message ---
