Source: libosinfo
Version: 1.2.0-1
Severity: normal
Tags: security upstream
Forwarded: https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html
Control: found -1 1.0.0-2

Hi,

The following vulnerability was published for libosinfo.

CVE-2019-13313[0]:
| libosinfo 1.5.0 allows local users to discover credentials by listing
| a process, because credentials are passed to osinfo-install-script via
| the command line.

The issue is addressed by introducing a new --config-file option and
erroring out whenever a password is passed via --config.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13313
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13313
[1] https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html

Regards,
Salvatore
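
A defender-side check for the exposure described in this report, added here as an example (it is not code from libosinfo or from the report's author): it reads the NUL-separated argv buffers in /proc/<pid>/cmdline and reports osinfo-install-script processes that were given a password-like key via --config, returning only the key name and never the value. The rule "key name contains password", the key names user-password and admin-password, and the sample command lines in the test are assumptions constructed for illustration; only the long --config forms are handled.

```python
import os

TOOL = "osinfo-install-script"


def parse_cmdline(raw: bytes) -> list[str]:
    """Split a /proc/<pid>/cmdline buffer (NUL-separated argv) into strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def exposed_keys(argv: list[str]) -> list[str]:
    """Return names of password-like keys passed via --config (never the values)."""
    if not argv or not os.path.basename(argv[0]).endswith(TOOL):
        return []
    keys = []
    args = iter(argv[1:])
    for arg in args:
        if arg == "--config":                # form: --config KEY=VALUE
            setting = next(args, "")
        elif arg.startswith("--config="):    # form: --config=KEY=VALUE
            setting = arg[len("--config="):]
        else:
            continue                         # --config-file keeps secrets off argv
        key = setting.split("=", 1)[0]
        if "password" in key.lower():        # assumption: secret keys are named *password*
            keys.append(key)
    return keys


def scan_proc(proc: str = "/proc") -> list[tuple[int, list[str]]]:
    """Check every process visible under proc; return (pid, exposed key names)."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                keys = exposed_keys(parse_cmdline(fh.read()))
        except OSError:
            continue                         # process exited or is not readable
        if keys:
            findings.append((int(pid), keys))
    return findings


if __name__ == "__main__":
    for pid, keys in scan_proc():
        print(f"pid {pid}: {TOOL} received {', '.join(keys)} on the command line")
```

The command line is only visible while the process is running, so a one-off scan can miss short-lived invocations; recording process execution through the audit subsystem covers that case.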
