[Git][security-tracker-team/security-tracker][master] Add upstream issue for CVE-2018-16838
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 4 20:15:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b115ddd7 by Salvatore Bonaccorso at 2019-07-04T19:15:00Z
Add upstream issue for CVE-2018-16838
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42436,6 +42436,7 @@ CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. Wh
NOTE: GPO based access control introduced in https://github.com/SSSD/sssd/commit/60cab26b12
NOTE: seems to presuppose configuration mistake: if sssd is not given enough permissions
NOTE: to read GPO, access is systematically granted instead of denied
+ NOTE: https://pagure.io/SSSD/sssd/issue/3867
NOTE: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175
CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
{DSA-4396-1 DLA-1576-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b115ddd7750a9a0bb376abea0ba0f35bca0d4b37
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b115ddd7750a9a0bb376abea0ba0f35bca0d4b37
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190704/2ab4d3ef/attachment.html>
More information about the debian-security-tracker-commits
mailing list