Package:ftp.debian.org
Severity: normal
I think elog should be removed from Debian. There are several open CVEs
for the elog package in Debian. These are resolved in the most recent
upstream version of elog.
But since there is no active maintainership, it is better to remove the
outdated and
to grant access
+to logbooks also as normal login user (Closes: #851909)
+
+ -- Roger Kalt <roger.k...@gmail.com> Thu, 19 Jan 2017 22:45:52 +0100
+
elog (2.9.2+2014.05.11git44800a7-2+deb8u1) jessie; urgency=medium
* Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
diff -Nr
Yes, I can confirm I was able to reproduce and it was the patch which was not
correctly backported for deb8u1.
Please test the UNRELEASED deb8u2 version available from here and give feedback:
https.//www.helferplan.ch/debian/
Kind regards
Roger
On 02/02/2017 02:22 PM, Christopher Huhn wrote:
9.2+2014.05.11git44800a7-2+deb8u1) jessie; urgency=medium
+
+ * Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
+arbitrary username (Closes: #836505, CVE-2016-6342)
+
+ -- Roger Kalt <roger.k...@gmail.com> Sat, 17 Sep 2016 20:22:36 +0200
+
elog (2.9.2+2014.05.
0005_elogd_CVE-2016-6342_fix to fix posting entry as
+arbitrary username (Closes: #836505, CVE-2016-6342)
+
+ -- Roger Kalt <roger.k...@gmail.com> Mon, 12 Sep 2016 20:22:36 +0200
+
elog (2.9.2+2014.05.11git44800a7-2) unstable; urgency=low
* debian/control:
diff -Nru elog
Package: wnpp
Severity: wishlist
Owner: Roger Kalt roger.k...@gmail.com
* Package name: elog
Version : 2.9.2+git20140511
Upstream Author : Stefan Ritt stefan.r...@psi.ch
* URL : http://midas.psi.ch/elog/
* License : GPLv3
Programming Lang: C
Description
6 matches
Mail list logo