-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: tmpreaper
Version: 1.6.13+nmu1+deb8u1
CVE ID : CVE-2019-3461
Debian Bug : 918956
It was discovered that tmpreaper, a program that cleans up files in
directories based on their age, is vulnerable to a race
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Jan 2019 09:33:21 +0100
Source: tmpreaper
Binary: tmpreaper
Architecture: source amd64
Version: 1.6.13+nmu1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Paul Slootman
Changed-By: Hugo Lefeuvre
Hi Steve,
On 22/01/2019 14:50, Steve McIntyre wrote:
> On Tue, Jan 22, 2019 at 01:44:12PM +, Ben Hutchings wrote:
>> However, APT is used during initial installation and we don't have any
>> provision for updating installer images during LTS. So we're either
>> going to have to revisit that
Hi Moritz,
> The new libmount dependency is necessary for the new check used by the
> security fix. Most of the additional autoconf noise is related to that new
> dependency and to the fact that the last upload to unstable before the
> 1.6.14 one was in 2010.
>
> If the debdiff for jessie is
On Thu, Jan 24, 2019 at 09:16:37AM +0100, Hugo Lefeuvre wrote:
> Dear security team,
>
> I'm currently preparing a jessie security update addressing CVE-2019-3461,
> based on 1.6.13+nmu1+deb9u1 (stretch version).
>
> I see that the diff is quite huge (same code as buster 1.6.14 right?) and
>
Dear security team,
I'm currently preparing a jessie security update addressing CVE-2019-3461,
based on 1.6.13+nmu1+deb9u1 (stretch version).
I see that the diff is quite huge (same code as buster 1.6.14 right?) and
adds a new libmount-dev dependency. I've had a look at the diff, tested it
in