Hello Debbie, > Are all of the security issues you listed below corrected by the > patches you made available at: > https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch ?
well the patch is kind of a hotfix that adresses the most serious aspects of the findings. It also breaks existing packaging, however, because config files owned by the tss user are no longer accepted. Finding d), the bad example RPM spec file is not covered by the patch. It should be possible to take over the patch into the upstream repository if you communicate to users that this is a breaking change. Cheers Matthias
signature.asc
Description: PGP signature
_______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
