Source: slurm-llnl Version: 18.08.6.2-1 Severity: grave Tags: security upstream Control: found -1 18.08.5.2-1 Control: found -1 16.05.9-1+deb9u4 Control: found -1 16.05.9-1
Hi, The following vulnerability was published for slurm-llnl. I'm filling it with an RC severity to be on safe side, but if you have more information available and think the RC severity is not warranted please feel free to then downgrade. CVE-2019-12838[0]: | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL | Injection. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-12838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12838 [1] https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html Please adjust the affected versions in the BTS as needed. [1] say that whilest only 19.05 and 18.08 releases are patched previous releases were affected as well. Regards, Salvatore
