Bug#955330: iproute2: corrupted output of "altname"
biebl at debian.org
Mon Apr 20 15:55:52 BST 2020
Am 20.04.20 um 16:49 schrieb Marc Zyngier:
> On 2020-04-20 12:39, Luca Boccassi wrote:
>> On Mon, 2020-04-20 at 09:29 +0100, Marc Zyngier wrote:
>>> Hi all,
>>> I just managed to track this down to systemd-udev.
>> You are indeed right, thanks for the analysis.
>> Upstream bug: https://github.com/systemd/systemd/issues/15232
>> Upstream fix: https://github.com/systemd/systemd/pull/15300
>> Introduced by:
> Ah, nice one. You'd hope the compiler would scream at that.
>> I'll leave it to the systemd maintainers to decide whether to backport
>> a fix or wait for a new release.
> Given that this leaks data from a process running as root, and makes
> it visible to unprivileged users, I would say that patching it seems
> to be the sensible course of action.
> But this depends on how bullseye is supported security-wise. Maybe it
> doesn't matter as long as nobody puts it in production... ;-)
As said, it's already fixed in unstable. Just needs a couple of days
until the package can transition to testing.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Pkg-systemd-maintainers