hylafax 3:6.0.7-3.1 source package in Debian
Changelog
hylafax (3:6.0.7-3.1) unstable; urgency=medium
* NMU
* Bug fix: "FTBFS: Incompatible TIFF Library.", thanks to Lucas Nussbaum
(Closes: #978220).
* Bug fix: "CVE-2020-15397 CVE-2020-15396", thanks to Moritz Muehlenhoff
(Closes: #964198):
- The faxsetup utility
calls chown on files in user-owned directories.
By winning a race, a local attacker could use
this to escalate his privileges to root.
- Scripts that execute binaries from directories
writable by unprivileged users (e.g., locations under
/var/spool/hylafax that are
writable by the uucp account). This allows these users to
execute code in the context of the user calling these binaries
(often root).
-- Bastien Roucariès <email address hidden> Wed, 13 Jan 2021 13:00:13 +0000
Upload details
- Uploaded by:
- Giuseppe Sacco
- Uploaded to:
- Sid
- Original maintainer:
- Giuseppe Sacco
- Architectures:
- any
- Section:
- comm
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Bullseye | release | main | comm |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| hylafax_6.0.7-3.1.dsc | 2.1 KiB | 4d40e1af063615325bdd81a6301dd1804eeeb8f9d99a1fa8ab9d9ee3c53d9eb5 |
| hylafax_6.0.7.orig.tar.gz | 1.2 MiB | a3dcb1a7fd8794bd33cea9a9414c32da100119dd2131bd08ab3ab3749fc30315 |
| hylafax_6.0.7-3.1.debian.tar.xz | 64.6 KiB | 227d13881526c60b9bd1fcb00851cfcc30eab691f332a2b11f98b4eca4a0f75c |
Available diffs
- diff from 3:6.0.7-3 to 3:6.0.7-3.1 (2.1 KiB)
No changes file available.
