[DRE-maint] Bug#992786: passenger uses many vendored libraries
Adrian Bunk
bunk at debian.org
Wed Aug 25 21:15:38 BST 2021
On Mon, Aug 23, 2021 at 08:18:42AM -0400, Michael Lazin wrote:
> I am new to this list and would like to get involved, but I am a relative
> beginner in programming. I understand from looking at this CVE that it is
> triggered by a particular type of API call, which is probably unlikely in
> the wild, unless prior recon has been done and there is already a threat
> actor inside. The threat is less than six. I work in security and I have
> seen many environments where threats this low are not patched.
>...
Debian has already issued a security advisory for this specific
vulnerability for the libuv1 package (and sent to the wrong list):
https://www.debian.org/security/2021/dsa-4936
My bug report was about passenger having copies of libraries that might
also be vulnerable to CVEs like for example this one.
> If I would
> have time and would want to volunteer help, can someone instruct me how to
> get started? Thank you in advance. I apologize if I am making noise on the
> list, I just signed up. I thought QA would be an easy way to get started
> in the Debian community. Thanks.
That's appreciated.
General information:
https://www.debian.org/intro/help
The debian-mentors mailing list would be a good starting point for
helping other contributors with problems packaging and maintaining
software in Debian.
> Michael Lazin
>...
cu
Adrian
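The concern raised in this thread is that vendored copies of a library such as libuv inside another source package can stay exposed after the system copy has been fixed. As an added illustration, not code from this thread, from Debian or from the passenger project, the following script walks a source tree, locates libuv-style version headers and flags any copy below a configured minimum. It assumes the header defines UV_VERSION_MAJOR/MINOR/PATCH macros (as libuv's version header does); the sample tree, the version numbers in it and the MINIMUM_SAFE threshold are constructed placeholders, so the real threshold for a given CVE must be taken from the advisory.

```python
import os
import re
import tempfile
from typing import Iterator, List, Optional, Tuple

Version = Tuple[int, int, int]

# Version macros libuv ships in its version header
# (assumption: UV_VERSION_MAJOR / UV_VERSION_MINOR / UV_VERSION_PATCH).
_MACRO_RE = re.compile(r"^\s*#\s*define\s+UV_VERSION_(MAJOR|MINOR|PATCH)\s+(\d+)", re.M)

# Placeholder threshold for the demo; take the real fixed version from the advisory.
MINIMUM_SAFE: Version = (1, 50, 0)


def parse_libuv_version(header_text: str) -> Optional[Version]:
    """Return (major, minor, patch) parsed from a libuv version header, or None if absent."""
    found = {m.group(1): int(m.group(2)) for m in _MACRO_RE.finditer(header_text)}
    if not {"MAJOR", "MINOR", "PATCH"} <= found.keys():
        return None
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def find_vendored_libuv(root: str) -> Iterator[Tuple[str, Version]]:
    """Yield (path, version) for every libuv version header found under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # libuv has used both of these names for its version header.
            if name not in ("version.h", "uv-version.h"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    version = parse_libuv_version(fh.read())
            except OSError:
                continue
            if version is not None:
                yield path, version


def outdated_copies(root: str, minimum: Version) -> List[Tuple[str, Version]]:
    """Return vendored copies whose version is strictly below the given minimum."""
    return sorted((p, v) for p, v in find_vendored_libuv(root) if v < minimum)


def _write_header(path: str, version: Version) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    major, minor, patch = version
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(
            "#define UV_VERSION_MAJOR %d\n#define UV_VERSION_MINOR %d\n"
            "#define UV_VERSION_PATCH %d\n" % (major, minor, patch)
        )


def build_sample_tree() -> str:
    """Construct a throwaway source tree with two vendored libuv copies (constructed sample data)."""
    root = tempfile.mkdtemp(prefix="vendored-scan-")
    _write_header(os.path.join(root, "vendor", "old-libuv", "include", "uv", "version.h"), (1, 10, 0))
    _write_header(os.path.join(root, "vendor", "new-libuv", "include", "uv", "version.h"), (1, 99, 0))
    # An unrelated version.h that carries no libuv macros must be ignored.
    os.makedirs(os.path.join(root, "vendor", "other"), exist_ok=True)
    with open(os.path.join(root, "vendor", "other", "version.h"), "w", encoding="utf-8") as fh:
        fh.write("#define OTHER_VERSION 3\n")
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for path, version in outdated_copies(tree, MINIMUM_SAFE):
        print("outdated vendored libuv %s at %s" % (".".join(map(str, version)), path))
```

Run against a real unpacked source package, the same walk gives a quick list of embedded copies to compare against the version named in the advisory; Debian's embedded-code-copies tracking does the same job at distribution scale, but a local check like this is cheap to run on a package you maintain.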