[Pkg-freeipa-devel] Bug#960089: Bug#960089: oddjob: CVE-2020-10737
Timo Aaltonen
tjaalton at debian.org
Mon Jun 1 21:46:56 BST 2020
On 9.5.2020 12.07, Salvatore Bonaccorso wrote:
> Source: oddjob
> Version: 0.34.4-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> The following vulnerability was published for oddjob.
>
> CVE-2020-10737[0]:
> | oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c
> | can lead to symlink attack
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2020-10737
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10737
>
> Please adjust the affected versions in the BTS as needed.
hi, sorry I forgot to mention the CVE in the changelog..
--
t
More information about the Pkg-freeipa-devel
mailing list