Bug#901798: cantata: contains insecure mount.cifs wrapper, cantata-mounter
Simon McVittie
smcv at debian.org
Tue Jun 19 10:17:30 BST 2018
Control: retitle -1 cantata: contains insecure mount.cifs wrapper, cantata-mounter
On Mon, 18 Jun 2018 at 22:11:55 +0200, Salvatore Bonaccorso wrote:
> Unstable binary package has both
>
> /usr/share/dbus-1/system-services/mpd.cantata.mounter.service
>
> and
>
> /usr/lib/cantata/cantata-mounter
Huh. apt-file agrees with you, so yes, this is a real security issue,
and you were correct to escalate it to grave severity. I was looking at
https://packages.debian.org/sid/amd64/cantata/filelist which for some
reason doesn't list those files.
smcv
More information about the pkg-multimedia-maintainers
mailing list