Control: tags -1 + stretch Hello,
On 12/22/2017 11:37 PM, Salvatore Bonaccorso wrote: > the following vulnerability was published for open-iscsi, whilest only > "one" of the issues from the qualys report has a CVE, cf. [1], all > fixes from [2] should preferably be applied. Cf. as well [3]. Thanks for reporting this. It wasn't mentioned on the official open-iscsi mailing list, and the fact that I've missed the pull request alerted me to the fact that I wasn't watching the upstream github repository. (Which I've now rectified.) I've now uploaded -5 that includes all patches in the pull request you've mentioned. I've seen in the security tracker you've marked this no-DSA, so I assume I should ask the Release team for a p-u to get this fixed in Stretch? Note: neither Wheezy nor Jessie include iscsiuio (this was added in Stretch), so they are not affected by this bug, so only Stretch is also vulnerable. (stretch-backports is vulnerable, which I'll fix once a fix for stretch has been uploaded.) It would be great if you could update the security tracker to reflect this. Regards, Christian
signature.asc
Description: OpenPGP digital signature
