New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix CVE-2020-13776 in 245.x #70
Comments
Prepared changes in #71... |
244 is not affected by this bug? |
According to https://nvd.nist.gov/vuln/detail/CVE-2020-13776, up to and including 245 is affected. Not sure on the backporting policies for systemd-stable, though (as in, whether upstream backport patches, or downstream distros need to take care of it) |
I backported it manually to my 244.4 installation. |
This was fixed by #71. |
systemd version the issue has been seen with
Used distribution
The current
systemd-stable
release, 245.6 doesn't yet contain the fixes necessary to migitate CVE-2020-13776.Can you please cherry-pick 156a5fd (and the prerequisite b934ac3) to the
v245-stable
and tag a new point release?It seems most upstream distributions use these tags for their stable distributions: NixOS/nixpkgs#91048 (comment)
There have been some follow-up fixes in systemd/systemd#16033, but that patchset is quite big, so probably best to just pick the 2 above commits.
The text was updated successfully, but these errors were encountered: