Bugzilla – Bug 1155395
VUL-0: CVE-2019-18602: openafs: information disclosure via uninitialized scalars are sent over the network
Last modified: 2019-12-09 07:43:33 UTC
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information
disclosure vulnerability because uninitialized scalars are sent over the network
to a peer.
Same comment as in #1155396
The upstream security-fixed version is already accepted in openSUSE:Factory.
Somehow I can't figure out how to get that into LEAP 15.1
Normal submission tells me to use the maintenance workflow
and this one says:
hanke@dijon:/srv/OBS/home:hauky:branches:OBS_Maintained:openafs/openafs.openSUSE_Leap_15.1_Update> osc maintenancerequest --incident=1155396 openSUSE:Factory openafs openSUSE:Leap:15.1:Update
Using target project 'openSUSE:Maintenance:1155396'
Server returned an error: HTTP Error 404: Not Found
So, what to do ?
Maitenance request to upgrade to openafs-1.8.5 for Leap 15.1 accepted