Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2020 December

 

Due to a fire, the data is not complete. It was restored from git logs, so it is far from complete.
Work done this month:
  • Worked on wireshark
  • Worked on reel
  • Worked on pluxml
  • Worked on ruby-doorkeeper
  • Declared CVE-2016-11086 a minor issue, since the problem is exploitable only if /etc/ssl/certs/ca-certificates.crt does not exist. This file normally exists, because ruby-oauth depends on ruby, which in turn depends on the ca-certificates package, which generates the file. In Debian the file therefore always exists unless the admin has intentionally removed it. So the package is vulnerable, but typically not in Debian. Fixing this vulnerability could even cause a regression, because some server admins may have intentionally removed this file in order to disable certificate checking.