Hi!

On Sun, 2017-10-01 at 00:23:16 +0200, Moritz Muehlenhoff wrote:
> Source: kannel
> Severity: important
> Tags: security
> Please see:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14609
> https://redmine.kannel.org/issues/771

I think that report is bogus. If this is an actual issue at all it might be in OpenRC's fork of start-stop-daemon. dpkg's version uses all match options to limit what it will be acting on. Which in this case means that the stop will be restricted by the pid in the pidfile and the currently running process pointing to the system absolute path for run_kannel_box.

As I mentioned on the upstream bug, the init scripts could be made a bit more robust by using the --user match option, but this would not imply we have suddenly fixed any kind of security issue here.

Thanks,
Guillem
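
The match-option behaviour described in the message above, as an added example that is not part of the original mail and is not dpkg's code: a simplified shell model of a stop that acts only when the pidfile pid, the executable path and (optionally) the user all agree. The `PROC_ROOT` override, the function names `would_act` and `make_sample`, the pids, uids and the `/example/sbin/...` paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not dpkg's code: a simplified model of a stop that must
# satisfy every match option (pidfile pid, executable path, optional user).
# PROC_ROOT is a hypothetical override so the check can run on a constructed tree.
PROC_ROOT=${PROC_ROOT:-/proc}

# would_act PIDFILE EXEC [UID]: returns 0 only if all given matchers agree.
would_act() {
    pidfile=$1; want_exec=$2; want_uid=${3:-}

    # pidfile matcher: must hold one decimal pid of a live process
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ "$pid" -gt 0 ] || return 1
    [ -d "$PROC_ROOT/$pid" ] || return 1

    # exec matcher: the process must be running the expected absolute path
    exe=$(readlink "$PROC_ROOT/$pid/exe") || return 1
    [ "$exe" = "$want_exec" ] || return 1

    # user matcher (optional): real uid from the status file must match
    if [ -n "$want_uid" ]; then
        uid=$(awk '/^Uid:/ { print $2; exit }' "$PROC_ROOT/$pid/status") || return 1
        [ "$uid" = "$want_uid" ] || return 1
    fi
    return 0
}

# Constructed sample tree: pid 4242 is the daemon (uid 1001), pid 1 is unrelated.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/proc/4242" "$root/proc/1"
    ln -s /example/sbin/run_kannel_box "$root/proc/4242/exe"
    ln -s /example/sbin/init "$root/proc/1/exe"
    printf 'Uid:\t1001\t1001\t1001\t1001\n' > "$root/proc/4242/status"
    printf 'Uid:\t0\t0\t0\t0\n' > "$root/proc/1/status"
    echo 4242 > "$root/box.pid"
    echo "$root"
}
```

With the pidfile naming pid 4242 the check passes; once the pidfile names a process running a different executable, or the optional user does not match, the check fails and nothing would be acted on.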