Bug#825059: CVE-2014-9770 vs CVE-2015-8842
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 3 16:47:05 BST 2016
Hi Michael,
On Sun, Jul 03, 2016 at 01:15:15PM +0000, Debian Bug Tracking System wrote:
> After further consideration, I'm going to close this bug report.
> The offending tmpfiles snippet was removed in 215, so we don't really
> need the fixup from v229.
>
> Moritz, can you mark the issue accordingly in the security tracker?
I think, though, that we are mixing two CVEs here. The commit you reference
for 214 was assigned a different CVE:
Cf. CVE-2014-9770 vs. CVE-2015-8842.
But I have additionally added a note to the no-dsa, in the security-tracker
notes, that it does not affect jessie installations in practice.
Review welcome :-)
For reference, the two CVEs (which are related, though):
https://security-tracker.debian.org/CVE-2014-9770
https://security-tracker.debian.org/CVE-2015-8842
It's a bit complex how MITRE has assigned the CVEs to the SuSE request
possibly. But the commits referenced for the two should reflect the
original assignment at
https://marc.info/?l=oss-security&m=146031729006090&w=2
Regards,
Salvatore