<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9ba41f0e260357ed5a2df5e3d99fc6db74005d">dc9ba41f</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-06-30T22:22:24+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add CVE-2020-11935/aufs

Technically if there would not be stretch the issue could be marked as

unimportant. The issue is exploitable if the kernel has CONFIG_IMA

enabled. CONFIG_IMA was enabled at some point including up to stretch

but later on reverted. Both buster and (current) unstable src:linux do

not have CONFIG_IMA enabled.

Still src:aufs should ideally be ixed, for buster enough in a point

release.

For stretch the situation is more complex, as many other (security

relevant) aufs issues have never been fixed. It might be worth marking

the version in stretch as end-of-life.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9ba41f0e260357ed5a2df5e3d99fc6db74005d#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9ba41f0e260357ed5a2df5e3d99fc6db74005d">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9ba41f0e260357ed5a2df5e3d99fc6db74005d"}}</script>

</p>

</div>

</body>

</html>