[Pkg-sssd-devel] Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Timo Aaltonen
tjaalton at ubuntu.com
Sun Jan 27 09:45:06 UTC 2013
On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> Hi Timo
>
> On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
>> On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
>>> Package: sssd
>>> Severity: grave
>>> Tags: security
>>>
>>> Hi,
>>> multiple security issues have been discovered in sssd. Please see the Red Hat
>>> bugzilla entries for details and patches:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
>>
>> Yep, I'm aware of them and will prepare an upload later.
>
> The relevant commits seem to be:
>
> CVE-2013-0219:
> http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
> and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
> See also https://fedorahosted.org/sssd/ticket/1782 .
>
> CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
> See https://fedorahosted.org/sssd/ticket/1781 .
There's still no backported commits for 1.8.x which is in sid/wheezy
(94cbf1cfb0f8 at least needs backporting), I'll ask upstream tomorrow.
--
t
More information about the Pkg-sssd-devel
mailing list