Source: slurm-wlm Version: 20.11.5-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for slurm-wlm. CVE-2021-31215[0]: | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before | 20.11.7 allows remote code execution as SlurmUser because use of a | PrologSlurmctld or EpilogSlurmctld script leads to environment | mishandling. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31215 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31215 Please adjust the affected versions in the BTS as needed, I'm not sure if older versions as in buster are affected as well. Regards, Salvatore
