On 2020-11-09 14:04:02, Sylvain Beucler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian LTS Advisory DLA-2441-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/
> November 09, 2020                             https://wiki.debian.org/LTS
> - -------------------------------------------------------------------------
>
> Package        : sympa
> Version        : 6.2.16~dfsg-3+deb9u4
> CVE ID         : CVE-2018-1000671 CVE-2020-26880
> Debian Bug     : 908165 972189

What's up with those bug reports? #908165 refers to CVE-2018-1000671 but #972189 refers to CVE-2020-10936, not CVE-2020-26880.

Also, CVE-2020-26880 is marked as unfixed in the security tracker (and the upstream bugtracker), but not CVE-2020-10936...

Which one is which? Is the sympa package in Debian LTS still vulnerable to privilege escalation?

A.

-- 
The true revolutionary is guided by a great feeling of love.
                        - Ernesto "Che" Guevara