[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-16838/sssd: Mention upstream branch name.
Guilhem Moulin (@guilhem)
guilhem at debian.org
Sun May 28 15:08:04 BST 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5587213 by Guilhem Moulin at 2023-05-28T16:00:12+02:00
CVE-2018-16838/sssd: Mention upstream branch name.
- - - - -
6883d6a3 by Guilhem Moulin at 2023-05-28T16:06:54+02:00
CVE-2021-3621/sssd: Add reference to upstream commit for sssd-1-16 branch.
And mention upstream branch name for 7ab83f9.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -142232,7 +142232,8 @@ CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable
[bullseye] - sssd <no-dsa> (Minor issue)
[buster] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
- NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
+ NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe (sssd-2-7)
+ NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16)
NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91)
CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, where ...)
- ansible-core 2.12.0-1
@@ -328313,7 +328314,7 @@ CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. Wh
NOTE: seems to presuppose configuration mistake: if sssd is not given enough permissions
NOTE: to read GPO, access is systematically granted instead of denied
NOTE: https://pagure.io/SSSD/sssd/issue/3867
- NOTE: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175
+ NOTE: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175 (sssd-1-16)
CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
{DSA-4396-1 DLA-1576-1}
- ansible 2.7.1+dfsg-1 (bug #912297)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4124dfe2cae1f04d255add92ca5d40d83717a1b3...6883d6a39ab13dd85333668ae96285338af8fc38
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4124dfe2cae1f04d255add92ca5d40d83717a1b3...6883d6a39ab13dd85333668ae96285338af8fc38
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230528/51c4a077/attachment.htm>
More information about the debian-security-tracker-commits
mailing list