Hi Khalid,

On Thu, Apr 14, 2022 at 01:32:38PM -0600, Khalid Aziz wrote:
> On 3/12/21 13:40, Salvatore Bonaccorso wrote:
> > Source: kexec-tools
> > Version: 1:2.0.20-2.1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerability was published for kexec-tools.
> >
> > CVE-2021-20269[0]:
> > | incorrect permissions on kdump dmesg file
> >
> > Could you check the details here? [2] is slightly short on information
> > if "known upstream" etc.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2021-20269
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20269
> > [1] https://www.openwall.com/lists/oss-security/2021/03/11/2
> >
> > Please adjust the affected versions in the BTS as needed.
> >
> As I explained in my previous update to this bug, this security issue does
> not apply to the Debian package. This security issue was introduced by the
> scripts added in Fedora/Redhat packages. I will close this bug now.

Indeed, and thanks. The fix indeed which is applied to Fedora is
https://src.fedoraproject.org/rpms/kexec-tools/c/91c802ff526a0aa0618f6d5c282a9b9b8e41bff8
which is then Fedora/Red Hat specific.

Regards,
Salvatore