Bug#900548: marked as done (slurm-llnl: CVE-2018-10995: Insecure handling of username and gid fields)

Wed, 06 Jun 2018 22:22:06 -0700 

Your message dated Thu, 7 Jun 2018 07:17:10 +0200
with message-id <20180607051710.ga26...@lorien.valinor.li>
and subject line Re: Bug#900548: slurm-llnl: CVE-2018-10995: Insecure handling 
of username and gid fields
has caused the Debian Bug report #900548,
regarding slurm-llnl: CVE-2018-10995: Insecure handling of username and gid 
fields
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
900548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900548
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: slurm-llnl
Version: 14.03.9-5
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for slurm-llnl.

CVE-2018-10995[0]:
| SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles
| user names (aka user_name fields) and group ids (aka gid fields).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10995
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10995

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: slurm-llnl
Source-Version: 17.11.7-1

On Fri, Jun 01, 2018 at 09:51:28AM +0200, Salvatore Bonaccorso wrote:
> Source: slurm-llnl
> Version: 14.03.9-5
> Severity: grave
> Tags: security upstream
> 
> Hi,
> 
> The following vulnerability was published for slurm-llnl.
> 
> CVE-2018-10995[0]:
> | SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles
> | user names (aka user_name fields) and group ids (aka gid fields).
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This issue was adressed with the 17.11.7-1 upload to unstable, closing
the bug accordingly.

Regards,
Salvatore

--- End Message ---

Reply via email to