Univention Bugzilla – Bug 44410
eject: Multiple issues (4.2)
Last modified: 2017-07-05 13:06:37 CEST
Upstream Debian package version 2.1.5+deb1+cvs20081104-13.1+deb8u1 fixes:
* dmcrypt-get-device does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. (CVE-2017-6964)
Semi-Automatically imported through Bug #44451
r80749 | Bug #44410: eject.yaml
Ok, I've trimmed down the advisory text a bit and adjusted the version field to also cover errata4.2-0.