Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f6662c2a by Salvatore Bonaccorso at 2019-11-18T15:25:28Z
Update status for CVE-2019-18862/mailutils
The utility actually should have been setuid:
* The maidag utility is withdrawn
The main purpose of this utility was to work as local mail delivery
agent (MDA), a program responsible for final delivery of email
messages to the recipient's mailbox. As such it required suid
privileges.
As in every suite the binary is not installed setuid, consider it unimportant
making it a non-issue for the privilege escalation.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -471,10 +471,8 @@ CVE-2019-18864
CVE-2019-18863
RESERVED
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and
allows loca ...)
- - mailutils <unfixed> (bug #944265)
- [jessie] - mailutils <not-affected> (/usr/sbin/maidag not installed
suid root on Debian)
- [stretch] - mailutils <not-affected> (/usr/sbin/maidag not installed
suid root on Debian)
- [buster] - mailutils <not-affected> (/usr/sbin/maidat not installed
suid root on Debian)
+ - mailutils <unfixed> (unimportant; bug #944265)
+ NOTE: /usr/sbin/maidat not installed suid root on Debian
CVE-2019-18861
RESERVED
CVE-2019-18860
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
