Package: wnpp
Severity: wishlist
Owner: Roger Kalt
* Package name: elog
Version : 2.9.2+git20140511
Upstream Author : Stefan Ritt
* URL : http://midas.psi.ch/elog/
* License : GPLv3
Programming Lang: C
Description : Logbook system to manage notes
342_fix to grant access
+to logbooks also as normal login user (Closes: #851909)
+
+ -- Roger Kalt Thu, 19 Jan 2017 22:45:52 +0100
+
elog (2.9.2+2014.05.11git44800a7-2+deb8u1) jessie; urgency=medium
* Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
diff -Nru
Yes, I can confirm I was able to reproduce and it was the patch which was not
correctly backported for deb8u1.
Please test the UNRELEASED deb8u2 version available from here and give feedback:
https.//www.helferplan.ch/debian/
Kind regards
Roger
On 02/02/2017 02:22 PM, Christopher Huhn wrote:
>
dded patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
+arbitrary username (Closes: #836505, CVE-2016-6342)
+
+ -- Roger Kalt Mon, 12 Sep 2016 20:22:36 +0200
+
elog (2.9.2+2014.05.11git44800a7-2) unstable; urgency=low
* debian/control:
diff -Nru elog-2.9.2+2014.05.11git44800a7/debi
9.2+2014.05.11git44800a7-2+deb8u1) jessie; urgency=medium
+
+ * Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
+arbitrary username (Closes: #836505, CVE-2016-6342)
+
+ -- Roger Kalt Sat, 17 Sep 2016 20:22:36 +0200
+
elog (2.9.2+2014.05.11git44800a7-2) unstable; urgency=low
Package:ftp.debian.org
Severity: normal
I think elog should be removed from Debian. There are several open CVEs
for the elog package in Debian. These are resolved in the most recent
upstream version of elog.
But since there is no active maintainership, it is better to remove the
outdated and inse
6 matches
Mail list logo