-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : cinnamon Version : 2.2.16-5+deb8u1 CVE ID : CVE-2018-13054 Debian Bug : #903201
It was discovered that there was a symlink attack in the Cinnamon desktop environment. An attacker could overwrite an arbitrary file on the filesystem via a $HOME/.face icon file (as the cinnamon-settings-users.py GUI runs as root). For Debian 8 "Jessie", this issue has been fixed in cinnamon version 2.2.16-5+deb8u1. We recommend that you upgrade your cinnamon packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltIaBsACgkQHpU+J9Qx HlgISw//QzvO4+yb23ZbpZz9YiKtJxtJgwJmuw9xauh4mDpadvDZ+i6BBVlP72MZ joVI9Xo+pwpq/1UzDcUJ2cndhUhpGzACT43SvGR3N/Rv01WtNP1VZzJsR4zzmMTO jwBXDeFi8HGxj9V+F3YBpyrEAOXnpCCsuVMy3GD8fyaSvFWfRfIrQuwzjn4xWQQR b86WUJgkuzOmG9F8Mizz8UVYICDRU92mwpJMY2sLnBjYLR+6d4GFPdnsOR3rYEql p5oOMvIygV6dY5FI4HpwjrRkRqXlBJuygHBvjcuaU+Dipp7r0nw0ICJgpPleL37H AsJ/9KjHrbPtK0S42r1XDMQc69MragQ1tMyrdxjOfBaN/ItGl4QSuEVAKRbSwTx/ 6p8jxhV5aq7ZesY+vQRzPSj5CG48M+beUKbl8XfNQr0QEpXAtfEO74TlWTI6YNr5 rET/fjJtTWWJRTPO5JAmb51EHEW9SDi6sS0AB6dqTIc6UiTl2+IxSPIlnnVidMt6 WaNVCFq7gYSReHofn+tfhGf1cWtx7snrn0OWRnx9mvZS5JYOhYlVY9PyrwvgUkgH 7T3cHV0rv8HM3lV1Ii82iVOpAzveQy2iGUNPzKRPZDYQnQUqQCCqI2Ec8GgFK+Nk Xqmyxb7pai5qVZf0t2L5LLLRgNr0YLr2EskcSLkCjgWXDX0k22E= =oDiZ -----END PGP SIGNATURE-----