Bug#972114: sympa: CVE-2020-26880

2021-01-05 Sylvain Beucler
Hi,

Following user questions, here's my understanding of the current situation:

- The issue is partially fixed in Debian by optionally not setting the setuid permissions (debconf question), and setting 'aliases_program' to a method that does not require root (postmap/postalias for Postfix, /b

Bug#972114: sympa: CVE-2020-26880

2020-11-07 Sylvain Beucler
Hi Stefan, On 05/11/2020 15:29, Stefan Hornburg (Racke) wrote: On 11/5/20 3:19 PM, Sylvain Beucler wrote: @racke, following your work at https://github.com/sympa-community/sympa/pull/1015 it seems we'd need a new debconf question to ask the user whether they want the setuid wrapper to be activ

Bug#972114: sympa: CVE-2020-26880

2020-11-05 Stefan Hornburg (Racke)
On 11/5/20 3:19 PM, Sylvain Beucler wrote:
> Hi,
>
> @racke, following your work at
> https://github.com/sympa-community/sympa/pull/1015
> it seems we'd need a new debconf question to ask the user whether they want
> the setuid wrapper to be activated or not.
>

Yes, good idea. But it would make

Bug#972114: sympa: CVE-2020-26880

2020-11-05 Sylvain Beucler
Hi, @racke, following your work at https://github.com/sympa-community/sympa/pull/1015 it seems we'd need a new debconf question to ask the user whether they want the setuid wrapper to be activated or not. This could be added even before the pull request merged I think, as toggling the setuid

Bug#972114: sympa: CVE-2020-26880

2020-10-12 Salvatore Bonaccorso
Source: sympa
Version: 6.2.40~dfsg-7
Severity: important
Tags: security upstream
Forwarded: https://github.com/sympa-community/sympa/issues/1009
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for sympa, but this is mainly for having a tracking