Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers

2020-12-14 Thread Sylvain Beucler
On 07/12/2020 12:06, Stefan Hornburg (Racke) wrote:
On 12/7/20 10:52 AM, Sylvain Beucler wrote:
This high-severity issue was marked with: [buster] - sympa (Will be fixed via point release)
Consequently I am surprised that it wasn't part of last week's Debian 10.7 point release. What

Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers

2020-12-07 Thread Stefan Hornburg (Racke)
On 12/7/20 10:52 AM, Sylvain Beucler wrote:
> Hi,
>
> On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)"
> wrote:
>> On 10/7/20 3:03 PM, Sylvain Beucler wrote:
>> > I noticed this local root escalation yesterday and I'm working on a
>> > Stretch LTS update.
>> > See also

Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers

2020-12-07 Thread Sylvain Beucler
Hi,
On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)" wrote:
On 10/7/20 3:03 PM, Sylvain Beucler wrote:
> I noticed this local root escalation yesterday and I'm working on a
> Stretch LTS update.
> See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
>
> Are there

Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers

2020-05-25 Thread Stefan Hornburg (Racke)
package: sympa
severity: critical
tags: upstream security patch
Security advisory: https://sympa-community.github.io/security/2020-002.html
Excerpt:
--snip--
A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa