Hi Jordi, On Fri, Nov 22, 2019 at 02:22:00PM +0100, Jordi Mallach wrote: > Hi all, > > El dl. 11 de 11 de 2019 a les 21:32 +0100, en/na Salvatore Bonaccorso > va escriure: > > Control: retitle -1 mailutils: local privilege escalation in maidag > > utility (fixed in 3.8) (CVE-2019-18862) > > Given this does not affect Debian by default, should my upload go > through debian-security or just s-p-u? > > https://salsa.debian.org/debian/mailutils/commit/c1683e71301e3c7454ab407334a211759148d47e
I agree, that this does not warrant a DSA, so going via a point release is fine. We have marked it with unimportant severity in the security-tracker due to it's not installed setuid in any of the supported suites. Thanks for your work! Regards, Salvatore
