<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Markus Koschany pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/02d6b1cb8aa39b675950d91d28c4203114228038">02d6b1cb</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2019-01-03T22:06:12Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16888,systemd: Mark as no-dsa for Jessie.

This is arguably a longstanding bug in the PID file logic and systemd is now

stricter when a PID file is owned by an untrusted user. Since daemons and

services in Debian are not untrusted, you would need some other vulnerability to

exploit it and to be able to write into the PID file. In most circumstances PID

files are writable only by root though.

Given there were a lot of code changes, a backport does not seem to be

proportionate at the moment.

Feedback from other team members or the security team would be appreciated

though.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/02d6b1cb8aa39b675950d91d28c4203114228038#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/02d6b1cb8aa39b675950d91d28c4203114228038">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/02d6b1cb8aa39b675950d91d28c4203114228038"}}</script>

</p>

</div>

</body>

</html>