Am 05.05.22 um 17:10 schrieb Salvatore Bonaccorso:
Source: rsyslog Version: 8.2204.0-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>Hi, The following vulnerability was published for rsyslog. Filling for now as grave, but we might downgrade. Probably affected configurations are not that common if I understood correctly, the advisory has some comments about it as well[1].
Yeah, I think this feature is obscure enough (and not enabled by default) that non-RC severity is fine.
OpenPGP_signature
Description: OpenPGP digital signature
