<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f">f6662c2a</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-11-18T15:25:28Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update status for CVE-2019-18862/mailutils

The utility actually should have been setuid:

   * The maidag utility is withdrawn

   The main purpose of this utility was to work as local mail delivery

   agent (MDA), a program responsible for final delivery of email

   messages to the recipient's mailbox. As such it required suid

   privileges.

As in every suite the binary is not installed setuid, consider it unimportant

making it a non-issue for the privilege escalation.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f"}}</script>

</p>

</div>

</body>

</html>