Package: e2fsprogs
Version: 
Severity: grave
Tags: security
Justification: user security hole

E2fsprogs 1.45.5 contains a bug fix for a use after free which could
potentially be used to run malicious code if a user can be tricked into
running e2fsck on a maliciously crafted file system.  The following
commit should be backported to Debian Buster (it is not applicable to
older versions of e2fsprogs):

101e73e9 - e2fsck: fix use after free in calculate_tree()

No exploit exists today as far as I know, but we should backport this
fix while we are addressing CVE-2019-5188 (Bug: #948508).
