oss-sec mailing list archives
Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
From: Florian Weimer <fweimer () redhat com>
Date: Sun, 01 Mar 2020 11:07:35 +0100
* Alexander E. Patrakov:
Just in case, I would like to complain here that my Fedora 31 systems have not received an update. There is indeed something in testing, but it is (mistakenly?) marked as a bugfix release and not as a security update: https://bodhi.fedoraproject.org/updates/?packages=opensmtpd
I have edited the update and flagged it as security. However, without feedback from community testing (karma), this update cannot be pushed at this time. The package also failed to build on Fedora 32 and 33/rawhide due to C conformance issues, so there are no updates available there. Thanks, Florian
Current thread:
- LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Qualys Security Advisory (Feb 24)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Alexander E. Patrakov (Feb 24)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Qualys Security Advisory (Feb 25)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Qualys Security Advisory (Feb 26)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Alexander E. Patrakov (Feb 29)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Florian Weimer (Mar 01)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Alexander E. Patrakov (Feb 29)
- Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) Alexander E. Patrakov (Feb 24)