severity 809844 important thanks On Mon, Jan 04, 2016 at 05:28:27PM +0100, Louis Bouchard wrote: > Package: sosreport > Version: 3.2-2 > Severity: critical > Tags: security > Justification: root security hole
Debian uses fs.protected_symlinks by default (and we also mandate it for custom-built kernels, see https://www.debian.org/releases/stable/amd64/release-notes/ch-whats-new.en.html#security ) Feel free to fix this in a jessie point release, though. See here for details: https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable Cheers, Moritz
