Am Tue, Oct 27, 2020 at 08:53:28PM +0100 schrieb Salvatore Bonaccorso: > Source: openrc > Version: 0.42-1 > Severity: important > Tags: security upstream > Forwarded: https://github.com/OpenRC/openrc/issues/201 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > Control: found -1 0.40.3-1 > > > CVE-2018-21269[0]: > | checkpath in OpenRC through 0.42.1 might allow local users to take > | ownership of arbitrary files because a non-terminal path component can > | be a symlink.
This got fixed in https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335 Cheers, Moritz
