• Chris Coulson's avatar
    Import Debian changes 237-3ubuntu10.6 · a375a3e2
    Chris Coulson authored
    systemd (237-3ubuntu10.6) bionic-security; urgency=medium
    
      * SECURITY UPDATE: reexec state injection
        - debian/patches/CVE-2018-15686.patch: when deserializing state always use
          read_line(…, LONG_LINE_MAX, …) rather than fgets()
        - CVE-2018-15686
      * SECURITY UPDATE: chown_one() can dereference symlinks
        - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
        - CVE-2018-15687
      * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
        - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
          recursively through directory trees
        - CVE-2018-6954
    a375a3e2
To find the state of this project's repository at the time of any of these versions, check out the tags..
changelog 264 KB