On Jan/04, Louis Bouchard wrote:
> Package: sosreport
> Version: 3.2-2
> Severity: critical
> Tags: security
> Justification: root security hole

This issue is marked "no-dsa" in the security tracker[1] (because it is
mitigated by the use of fs.protected_symlinks).

It could, however, possibly be included into stable via
stable-proposed-updates, if both:

  - the maintainer is OK to backport the relevant fix against the
    version currently in stable

  - release managers are OK to include it in the next SPU

Cheers,

--Seb

[1] https://security-tracker.debian.org/tracker/CVE-2015-7529
