[systemd-devel] journald cves on 239
stefan at schweter.it
stefan at schweter.it
Thu Jan 24 14:55:35 UTC 2019
Am 2019-01-24 15:34, schrieb Umut Tezduyar Lindskog:
> Hello,
>
> We are on systemd 239 and we would like to patch following CVEs
> without jumping to 240.
>
> CVE-2018-16864
> CVE-2018-16865
> CVE-2018-16866
>
> Can someone please help us out and point the commits that we need to
> back-port since 239 was tagged?
>
Hi,
relevant commits should be:
https://github.com/systemd/systemd/commit/084eeb865ca63887098e0945fb4e93c852b91b0f
(CVE-2018-16864)
https://github.com/systemd/systemd/commit/052c57f132f04a3cf4148f87561618da1a6908b4
https://github.com/systemd/systemd/commit/ef4d6abe7c7fab6cbff975b32e76b09feee56074
(both CVE-2018-16865)
https://github.com/systemd/systemd-stable/commit/289246d6c0e4d794421707e30998d66a4fa51399
(CVE-2018-16866)
Cheers,
Stefan
More information about the systemd-devel
mailing list