[Git][security-tracker-team/security-tracker][master] CVE-2019-19728/slurm-llnl: stretch ignored

Thu Dec 30 21:41:12 GMT 2021


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2c49dd9 by Sylvain Beucler at 2021-12-30T22:21:44+01:00
CVE-2019-19728/slurm-llnl: stretch ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143222,11 +143222,14 @@ CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid)
 CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
 	{DSA-4841-1}
 	- slurm-llnl 19.05.5-1
-	[stretch] - slurm-llnl <no-dsa> (Minor issue)
+	[stretch] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
 	[jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
 	NOTE: https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
+	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=8084
 	NOTE: Fixed upstream in 18.08.9, 19.05.5
+	NOTE: regression: running 'srun --uid ...' can lock the node 'alloc' state, requiring manually reset
+	NOTE: (with 'nobody' in stretch, with all users in jessie)
 CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
 	- slurm-llnl 19.05.5-1 (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c49dd9e3b2c7f7c65e51a5e1315986493314a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c49dd9e3b2c7f7c65e51a5e1315986493314a4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211230/6b1d6d5b/attachment.htm>
