[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-18862/mailutils

Salvatore Bonaccorso carnil at debian.org
Mon Nov 18 15:26:27 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6662c2a by Salvatore Bonaccorso at 2019-11-18T15:25:28Z
Update status for CVE-2019-18862/mailutils

The utility actually should have been setuid:

   * The maidag utility is withdrawn

   The main purpose of this utility was to work as local mail delivery
   agent (MDA), a program responsible for final delivery of email
   messages to the recipient's mailbox. As such it required suid
   privileges.

As in every suite the binary is not installed setuid, consider it unimportant
making it a non-issue for the privilege escalation.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -471,10 +471,8 @@ CVE-2019-18864
 CVE-2019-18863
 	RESERVED
 CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
-	- mailutils <unfixed> (bug #944265)
-	[jessie] - mailutils <not-affected> (/usr/sbin/maidag not installed suid root on Debian)
-	[stretch] - mailutils <not-affected> (/usr/sbin/maidag not installed suid root on Debian)
-	[buster] - mailutils <not-affected> (/usr/sbin/maidat not installed suid root on Debian)
+	- mailutils <unfixed> (unimportant; bug #944265)
+	NOTE: /usr/sbin/maidat not installed suid root on Debian
 CVE-2019-18861
 	RESERVED
 CVE-2019-18860



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6662c2af932aff79870d0032fbab905250e479f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191118/be464b9d/attachment.html>

More information about the debian-security-tracker-commits mailing list