Bug#928052: CVE-2019-11502 CVE-2019-11503

2019-06-10 Thread Kentaro Hayashi
Hi, Thank you for the feedback. On Sun, 9 Jun 2019 19:03:19 +0200 Salvatore Bonaccorso wrote: > Hi, > snip > This should not close the bug yet as it only addresses CVE-2019-11502. > #928052 both tracks CVE-2019-11502 CVE-2019-11503. So unless I miss > something the changes to fix CVE-2019-11503

Bug#928052: CVE-2019-11502 CVE-2019-11503

2019-06-09 Thread Salvatore Bonaccorso
Hi, I have not reviewed the whole patch but the following appeared on my radar while reviewing: On Sun, Jun 09, 2019 at 05:09:15PM +0900, Kentaro Hayashi wrote: > + [ Kentaro Hayashi ] > + * Non-maintainer upload. > + * d/patches/CVE-2019-11502.patch: fix unintended access to a private /tmp >

Bug#928052: CVE-2019-11502 CVE-2019-11503

2019-06-09 Thread Kentaro Hayashi
control: tags -1 +patch I've tried to fix only CVE-2019-11502 as a challenge. The debdiff patch is added. I hope it will help to fix. diff -Nru snapd-2.37.4/debian/changelog snapd-2.37.4/debian/changelog --- snapd-2.37.4/debian/changelog 2019-03-01 02:21:26.0 +0900 +++

Bug#928052: CVE-2019-11502 CVE-2019-11503

2019-05-29 Thread Hideki Yamane
control: tags -1 +fixed-upstream On Fri, 26 Apr 2019 23:04:05 +0200 Moritz Muehlenhoff wrote: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11502 It was fixed in upstream 2.38 https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1 >

Bug#928052: CVE-2019-11502 CVE-2019-11503

2019-04-26 Thread Moritz Muehlenhoff
Source: snapd Severity: grave Tags: security http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11502 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11503 Cheers, Moritz