Bug#698871: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220

Timo Aaltonen Sun, 27 Jan 2013 01:48:13 -0800

On 26.01.2013 23:06, Salvatore Bonaccorso wrote:

Hi Timo


On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:

On 24.01.2013 20:30, Moritz Muehlenhoff wrote:

Package: sssd
Severity: grave
Tags: security

Hi,
multiple security issues have been discovered in sssd. Please see the Red Hat
bugzilla entries for details and patches:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220


Yep, I'm aware of them and will prepare an upload later.


The relevant commits seem to be:

  CVE-2013-0219:
  
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
  and 
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a
 .
  See also https://fedorahosted.org/sssd/ticket/1782 .

  CVE-2013-0220: 
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325
 .
See https://fedorahosted.org/sssd/ticket/1781 .

There's still no backported commits for 1.8.x which is in sid/wheezy(94cbf1cfb0f8 at least needs backporting), I'll ask upstream tomorrow.



--
t


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698871: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220

Reply via email to