[Secure-testing-team] Bug#836505: elog: CVE-2016-6342: posting entry as arbitrary username by improper authentication
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 3 14:51:57 UTC 2016
Source: elog
Version: 2.9.2+2014.05.11git44800a7-2
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for elog.
CVE-2016-6342[0]:
posting entry as arbitrary username by improper authentication
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6342
Using severity grave, since for at least stretch this should be fixed
to be in a fixed version. I OTOH do not know elog well enough to see
if the affected setup is actually a frequent one.
Could you as well schedule a fix for the stable version via a
point-release, cf.
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
Regards,
Salvatore