Hi!

On Tue, Mar 28, 2017 at 02:27:35PM +0200, intrigeri wrote:
> Hi,
>
> Antoine Beaupre:
> > Jessie, on the other hand, does not seem to be vulnerable:
>
> From my reading of the code, it seems that Wheezy, Jessie and Stretch
> are all vulnerable, but only when using sysvinit. I've just fixed this
> issue in sid, and filed an unblock request for Stretch.
>
> But systems running systemd should not be vulnerable, as systemd
> doesn't use the "restart" action of initscripts: instead, it runs
> "stop" then "start". And the "stop" action in /etc/init.d/apparmor
> does not unload profiles (since 2.1+961-0ubuntu2 according to the
> changelog). I think this explains why Antoine could not reproduce the
> problem on Jessie.
>
> Salvatore: with this in mind, do you think we should fix this problem
> in Jessie? If yes, with a DSA or jessie-pu?

Thanks for the analysis. I just have marked the issue as no-dsa, I think
this does not warrant one, but can be fixed in an upcoming point
release.

Thanks a lot for your quick followups.

Regards,
Salvatore