Source: elog
Version: 2.9.2+2014.05.11git44800a7-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for elog.

CVE-2016-6342[0]: posting entry as arbitrary username by improper authentication

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6342

Using severity grave, since for at least stretch this should be fixed to be in a fixed version. I OTOH do not know elog well enough to see if the affected setup is actually a frequent one.

Could you as well schedule a fix for the stable version via a point-release, cf. https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable

Regards,
Salvatore