FS#56398 - [procmail] [Security] arbitrary code execution (CVE-2017-16844)
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Tuesday, 21 November 2017, 14:40 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 21 November 2017, 18:51 GMT
Opened by Remi Gacogne (rgacogne) - Tuesday, 21 November 2017, 14:40 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 21 November 2017, 18:51 GMT
|
Details
Summary
======= The package procmail is vulnerable to arbitrary code execution via CVE-2017-16844. Guidance ======== A new release seems unlikely since procmail is not maintained anymore, so it would be nice if we could backport the patch found in [2]. Thanks! References ========== [1]: https://security.archlinux.org/AVG-515 [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 |
This task depends upon
Closed by Andreas Radke (AndyRTR)
Tuesday, 21 November 2017, 18:51 GMT
Reason for closing: Fixed
Additional comments about closing: 3.22-8
Tuesday, 21 November 2017, 18:51 GMT
Reason for closing: Fixed
Additional comments about closing: 3.22-8