Univention Bugzilla – Full Text Bug Listing
Summary: | dpkg: Multiple issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | requate |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:F/RL:O/RC:C | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | 6.1 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:F/RL:O/RC:C) |
Description
Philipp Hahn
2016-12-09 14:06:08 CET
Package: dpkg
Version: 1.16.18.105.201612091413
Branch: ucs_4.1-0
Scope: errata4.1-4

r75162 | Bug #43147: dpkg YAML

[Monday, 12 December 2016] [14:39:04] <arvid> phahn: the advisory dpkg.yaml for errata4.1-4 references http://forge.univention.org/bugzilla/show_bug.cgi?id=41965, which is probably blocking Janek at release.

(In reply to Arvid Requate from comment #2)
> [Monday, 12 December 2016] [14:39:04] <arvid> phahn: the advisory
> dpkg.yaml for errata4.1-4 references
> http://forge.univention.org/bugzilla/show_bug.cgi?id=41965, which is probably
> blocking Janek at release.

And how is that related to THIS bug?

> And how is that related to THIS bug?

cat dpkg.yaml
===========================================================================
product: ucs
release: "4.1"
version: [3,4]
scope: ucs_4.1-0-errata4.1-4
src: dpkg
fix: 1.16.18.105.201612091413
desc: |
 This update addresses the following issues:
 * An off-by-one write access in dpkg-deb when parsing the old format .deb control member size has been fixed (CVE-2015-0860)
 * dpkg did not correctly handle the upgrade case, were a diverted conffile was moved between two packages. This has been fixed.
bug: [43147,41965]
cve:
- CVE-2015-0860
===========================================================================

Bug #41965 is tagged to UCS 4.2 and open, so mentioning it in the advisory will block the errata release.

Ah, now you created Bug 43173 for that, thanks for being cooperative and mentioning that you fixed the yaml or referencing, or assigning the Bug for QA.