El 20/12/18 a las 12:57, Moritz Muehlenhoff escribió: > On Thu, Dec 20, 2018 at 03:11:49PM +0530, Abhijith PA wrote: > > Hi Santiago, > > > > On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote: > > > Dear Maintainers, > > > > > > (It seems my first attempt to send this mail failed. Sorry if you > > > received it twice) > > > > > > As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in > > > jessie. i.e. systemctl correctly doesn't allow me to stop services, and > > > pkexec blocks me from executing applications that need privileges. > > > > I couldn't reproduce in my jessie machine either. > > > > > Do you think is it safe to consider jessie as not-affected? Or is it > > > still worth to apply the patch? > > > > I think its okay to mark as not-affected. > > Don't mark issues as not-affected just because some specific reproducer > doesn't trigger. This should only be done if source code analysis > has shown it to be not affected.
Thanks Abhijith and Moritz. For different reasons, and despite the differences with stretch are minimal, I have been unable to carry out a serious source code analysis. I won't be able to actually work on this (including following-up if a reversion/problem arises), so I have unclaimed it. Sorry if it has taken so long. Cheers, S
Description: PGP signature