[Git][security-tracker-team/security-tracker][master] Document openmpi embedding pmix and where switching to system library use

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 4 09:48:59 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc3c1ab5 by Salvatore Bonaccorso at 2023-11-04T10:48:09+01:00
Document openmpi embedding pmix and where switching to system library use

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -9048,7 +9048,6 @@ CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attacke
 	- pmix 5.0.1-1 (bug #1051729)
 	NOTE: https://github.com/openpmix/openpmix/commit/da036933c2795c1f40d0835e15f17e204e4daf0f (v4.2.6)
 	NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1)
-	TODO: to be checked if affects the embedded copy for openmpi
 CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...)
 	{DSA-5494-1 DLA-3574-1}
 	- mutt 2.2.12-0.1 (bug #1051563)


=====================================
data/embedded-code-copies
=====================================
@@ -3767,3 +3767,8 @@ ruby-arel
 python-truststore
 	- python-pip <unfixable> (embed)
 	NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+pmix
+	- openmpi 4.1.0-5 (embed)
+	NOTE: Since 4.1.0-5 openmpi uses the system libary for src:pmix
+	NOTE: https://salsa.debian.org/hpc-team/openmpi/-/commit/f2734a47152742bcc909317e4373e70ecffcdb04



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc3c1ab5332f6fd86de5393b2447a5bfc6901227

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc3c1ab5332f6fd86de5393b2447a5bfc6901227
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231104/91870947/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list