Bug#918841: systemd: CVE-2018-16864
Kai Bojens
kb at artfiles.de
Fri Jan 18 14:28:38 GMT 2019
>> Should we mark old-stable as not affected given the remark that the
>> vulnerability is exploitable since v230?
>> https://security-tracker.debian.org/tracker/CVE-2018-16864
> I do not think so, not-affected would mean the issue is not present.
> CVE-2018-16864 though is introduced in v203 itself (see the Qualys
> report). Maybe it needs to be discussed in the context of v215 if it
> needs a corresponding update or not (that is no-dsa/ignored).
As of now all three recent CVEs are marked as "vulnerable" for jessie.
Is there a chance that these will get fixed for jessie?
More information about the Pkg-systemd-maintainers
mailing list