<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a4a62898f80c4680f087792970a95f2e727f6e">32a4a628</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-04-28T07:01:19Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark CVE-2019-384{3,4}/systemd as no-dsa

Attack vector requires control both of an exploitable service and a

helper outside. Futhermore DynamicUsers are not widely used. As per

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596/comments/7

in Debian itself those are yet limited, but still present.

The version in stretch (v232) is the version introducing support for

DynamicUsers, earlier versions as for jessie mght thus even not be

affected but would need to be checked.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a4a62898f80c4680f087792970a95f2e727f6e#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a4a62898f80c4680f087792970a95f2e727f6e">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a4a62898f80c4680f087792970a95f2e727f6e"}}</script>

</p>

</div>

</body>

</html>