[Git][security-tracker-team/security-tracker][master] Update note for CVE-2022-0563/util-linux

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 15 20:45:12 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b46f327d by Salvatore Bonaccorso at 2022-02-15T21:44:53+01:00
Update note for CVE-2022-0563/util-linux

Unfortunately the situation is complicated. util-linux is compiled with
readline support. But additionally it is configured with
--disable-chfn-chsh. The chfn and chsh utilities are until now provided
by src:shadow (and the passwd binary package).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1213,7 +1213,8 @@ CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when compi
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
 	NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
 	NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
-	NOTE: util-linux in Debian not built with readline support
+	NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
+	NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
 CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within  ...)
 	- tiff 4.3.0-4
 	[bullseye] - tiff <no-dsa> (Minor issue)
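Review bot: The two added NOTE lines give the build facts (readline enabled, --disable-chfn-chsh set, chfn and chsh coming from src:shadow) but stop short of the conclusion a reader of data/CVE/list needs, namely what this means for the binaries Debian ships from src:util-linux. Consider ending the second line with the consequence, for example that the affected chfn and chsh are therefore not built from src:util-linux. The commit message says chfn and chsh are provided by src:shadow "until now", so it would also help to note that the assessment depends on --disable-chfn-chsh staying set, so the entry gets rechecked if that configure option is ever dropped.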



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46f327d060e2ef661451e76273d97ad9c7b18be
