Re: libqb / CVE-2019-12779

To: debian-lts@lists.debian.org
Subject: Re: libqb / CVE-2019-12779
From: Markus Koschany <apo@debian.org>
Date: Tue, 18 Jun 2019 15:05:23 +0200
Message-id: <[🔎] b1dc8ffd-01cb-7f2b-b490-058da3fa7bf6@debian.org>
In-reply-to: <[🔎] 87sgs7z5ay.fsf@silverfish.pri>
References: <[🔎] 87sgs7z5ay.fsf@silverfish.pri>

Hello,

Am 18.06.19 um 10:05 schrieb Brian May:
> The upstream patch patches "c->description" which is not used in
> Jessie. OK, so probably not vulnerable.

[...]

I requested feedback from upstream about CVE-2019-12779 before.

https://github.com/ClusterLabs/libqb/issues/338

It seems they do not agree that kernel hardening is completely
sufficient because there may be more "vectors pertaining this problem".
I would talk with them about your findings directly and ask them for a
clarification.

Regards,

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- libqb / CVE-2019-12779
  - From: Brian May <brian@linuxpenguins.xyz>

Prev by Date: Re: libqb / CVE-2019-12779
Next by Date: Re: testing bind9 for Jessie LTS
Previous by thread: Re: libqb / CVE-2019-12779
Next by thread: Re: testing bind9 for Jessie LTS
Index(es):
- Date
- Thread