On Mon, Jul 23, 2018 at 11:16 AM, Theodore Y. Ts'o <tytso@xxxxxxx> wrote: > On Mon, Jul 23, 2018 at 04:43:01AM +0100, Ken Moffat wrote: >> ... > One of the reasons why I didn't see the problem when I was developing > the remediation patch for CVE-2018-1108 is because I run Debian > testing, which doesn't have this particular Red Hat patch. Off-topic, I'm kind of surprised it took that long to fix it (if I am parsing things correctly). I believe Stephan Mueller wrote up the weakness a couple of years ago. He's the one who explained the interactions to me. Mueller was even cited at https://github.com/systemd/systemd/issues/4167. It is too bad he Mueller not receive credit for it in the CVE database. Jeff