Your message dated Thu, 16 Sep 2021 12:22:09 +0000
with message-id <e1mqqp3-000540...@fasolo.debian.org>
and subject line Bug#992710: fixed in sssd 2.5.2-1
has caused the Debian Bug report #992710,
regarding sssd: CVE-2021-3621: shell command injection in sssctl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
992710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992710
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sssd
Version: 2.4.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.16.3-3.2

Hi,

The following vulnerability was published for sssd.

CVE-2021-3621[0]:
| shell command injection in sssctl

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3621
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3621
[1] https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1975142

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 2.5.2-1
Done: Timo Aaltonen <tjaal...@debian.org>

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaal...@debian.org> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Sep 2021 14:51:42 +0300
Source: sssd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.5.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <pkg-sssd-de...@alioth-lists.debian.net>
Changed-By: Timo Aaltonen <tjaal...@debian.org>
Closes: 978904 983795 992710 992815
Changes:
 sssd (2.5.2-1) unstable; urgency=medium
 .
   [ Sergio Durigan Junior ]
   * d/apparmor-profile: Update profile:
     - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
     - Add read/execute permission to /usr/libexec/sssd/*.
 .
   [ Timo Aaltonen ]
   * New upstream release. (Closes: #978904, #992815, #983795)
   * fix-whitespace-test.diff: Refreshed.
   * control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.
   * fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix.
   * patches: Fix CVE-2021-3621. (Closes: #992710)


--- End Message ---
