Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#69855 - [profile-sync-daemon] inetutils dependency may not be needed
Attached to Project:
Community Packages
Opened by BH (braderhart) - Tuesday, 02 March 2021, 12:17 GMT
Last edited by David Runge (dvzrv) - Monday, 05 July 2021, 16:27 GMT
Opened by BH (braderhart) - Tuesday, 02 March 2021, 12:17 GMT
Last edited by David Runge (dvzrv) - Monday, 05 July 2021, 16:27 GMT
|
DetailsDescription:
inetutils is currently impacted by a high risk arbitrary code execution vulnerability. It isn't listed as a dependency for installation: https://github.com/graysky2/profile-sync-daemon/blob/master/INSTALL Additional info: * package version: 6.44-1 * link to inetutils security vulnerability: * https://security.archlinux.org/AVG-1003 |
This task depends upon
Closed by David Runge (dvzrv)
Monday, 05 July 2021, 16:27 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with 6.44-2
Monday, 05 July 2021, 16:27 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with 6.44-2
[1] https://github.com/graysky2/profile-sync-daemon/commit/959789e514622d6bf9b9b52fe696d089029ed33e
Will release a new version of the package with inetutils removed from depends.