Source: seatd
Version: 0.6.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for seatd.

CVE-2022-25643[0]:
| seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with
| escalated privileges when installed setuid root. The attack vector is
| a user-supplied socket pathname.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-25643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25643
[1] https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E

Regards,
Salvatore
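
Added example, not part of the original report and not seatd's code or its upstream fix: one common mitigation for the class of bug the CVE text describes (a setuid-root helper removing a user-supplied path) is to perform the removal with the invoking user's credentials. The names `unlink_as_invoker` and `demo` are hypothetical, and the scratch file is constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not seatd code): remove a caller-supplied path with
 * the invoking user's credentials, so a setuid-root binary cannot delete
 * anything the user could not delete themselves. Returns 0 or -1 (errno). */
int unlink_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int ret = -1, err;

    /* Drop the group first: changing it requires the privileged euid. */
    if (setegid(getgid()) == -1)
        return -1;
    if (seteuid(getuid()) == 0)
        ret = unlink(path); /* checked against the real user's rights */
    err = errno;

    /* Regain privileges in reverse order; failing to do so is fatal. */
    if (seteuid(saved_euid) == -1 || setegid(saved_egid) == -1)
        abort();
    errno = err;
    return ret;
}

/* Constructed demo: create a scratch file, remove it, confirm it is gone. */
int demo(void)
{
    char path[] = "/tmp/unlink-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd == -1)
        return -1;
    close(fd);
    if (unlink_as_invoker(path) == -1)
        return -1;
    return access(path, F_OK) == -1 && errno == ENOENT ? 0 : -1;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "ok" : "failed");
    return 0;
}
```

When the binary is installed setuid root and run by an unprivileged user, the `unlink` call fails with `EACCES` or `EPERM` for any path in a directory that user cannot modify.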