I won't be able to attend to it in time, for personal reasons. Let's hope somebody beats me before I'm back
s3nt fr0m a $martph0ne, excuse typ0s On Tue, Oct 25, 2022, 01:51 Salvatore Bonaccorso <car...@debian.org> wrote: > Source: multipath-tools > Version: 0.9.0-4 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > t...@security.debian.org> > Control: found -1 0.7.9-3 > > Hi, > > The following vulnerabilities were published for multipath-tools. > > CVE-2022-41973[0]: > | Symlink attack > > CVE-2022-41974[1]: > | Authorization bypass > > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2022-41973 > https://www.cve.org/CVERecord?id=CVE-2022-41973 > [1] https://security-tracker.debian.org/tracker/CVE-2022-41974 > https://www.cve.org/CVERecord?id=CVE-2022-41974 > [2] https://www.openwall.com/lists/oss-security/2022/10/24/2 > > Regards, > Salvatore > >
