On Wed, Jul 08, 2020 at 09:07:25AM +0100, Jeremy Sowden wrote:
...
> The new upstream release added extra checks to ensure that the object at
> the end of the path is a device file of the right sort before opening
> it:
...
> However, the error messages still leak information, allowing the user to
> test for the existence of arbitrary files:
...
> The patch changes the error messages to prevent this:
...

Oh, I think I understand now.
So I reckon with the extra patch this CVE is fixed.

I'm going to upload this soon :)

--
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me: https://mapreri.org                              : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-