From ${URL} : A stack-based buffer overflow was found in systemd-ask-password, a utility used to query a system password or passphrase from the user, using a question message specified on the command line. A local user could use this flaw to crash the binary or even execute arbitrary code with the permissions of the user running the program. This issue is fixed upstream via the following commit: http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189 References: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg16595.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The fix is included in the 212 release. I don't think this is worth rushing a stabilization.
Since there is a stable repository, I guess they will backport the fix to the 208 series if it's affected. Could you check?
Lennart marked it with Backport: bugfix, but it has not yet been integrated into either the v208-stable or v210-stable branches.
This should have been fixed for a long, long time in stable.
This bug is quite old/stale. The fix has been in stable for quite some time.
As already said, this was fixed by upstream in v212, which also landed in the Gentoo repository (see https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/systemd/systemd-212.ebuild?hideattic=0&view=log). @ Security: Please vote!