Bug#825059: CVE-2015-8842
Moritz Mühlenhoff
jmm at inutil.org
Wed Jul 13 09:56:57 BST 2016
On Sun, Jul 03, 2016 at 03:13:32PM +0200, Michael Biebl wrote:
> Version: 215-1
>
> Am 01.07.2016 um 17:28 schrieb Michael Biebl:
> > This means, users who installed jessie from scratch and never had 214-1
> > installed, won't be affected.
>
> Or upgraded directly from wheezy to jessie
>
> > Only if a (unstable) user had /var/log/journal enabled and 214-1
> > installed in the past, he might end up with a systemd.journal which has
> > the wrong permissions.
> > The commit [1] basically fixes up borked permissions of existing
> > system.journal files. And if he's an (up-to-date) unstable user, he has
> > already received the update in 230-1.
> >
> > So, considering this, I don't think this will be an issue in practice
> > and I think we can safely close this issue.
> >
> > Waiting for your confirmation though, before doing so.
>
> After further consideration, I'm going to close this bug report.
> The offending tmpfiles snippet was removed in 215, so we don't really
> need the fixup from v229.
>
> Moritz, can you mark the issue accordingly in the security tracker?
Confirmed. I have upgraded the security tracker.
Cheers,
Moritz
More information about the Pkg-systemd-maintainers
mailing list