Hi Reiner, On Fri, Jan 06, 2017 at 12:37:23PM +0100, Reiner Herrmann wrote: > Hi Moritz, > > On Fri, Jan 06, 2017 at 10:53:17AM +0100, Moritz Muehlenhoff wrote: > > there have been new CVE assignments for firejail. Most of them are fixed in > > stretch, but two of those have not made it into a firejail release: > > They are part of the bugfix release 0.9.44.2: > https://github.com/netblue30/firejail/commits/0.9.44-bugfixes > > > https://security-tracker.debian.org/tracker/CVE-2016-10122 > > This was fixed in these commits on the 0.9.44-bugfixes branch: > > https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 > > https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c > > > https://security-tracker.debian.org/tracker/CVE-2016-10118 > > And this is fixed also here: > > https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 > > Can you please mark them as fixed in 0.9.44.2 in the security tracker?
I have updated the status for those two CVEs. Regards, Salvatore
