[Pkg-sssd-devel] Bug#698871: Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 15 19:20:03 UTC 2013
Hi Timo
On Thu, Feb 07, 2013 at 12:51:59AM +0200, Timo Aaltonen wrote:
> On 03.02.2013 23:59, Moritz Mühlenhoff wrote:
> >On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
> >>On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> >>>Hi Timo
> >>>
> >>>On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
> >>>>On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
> >>>>>Package: sssd
> >>>>>Severity: grave
> >>>>>Tags: security
> >>>>>
> >>>>>Hi,
> >>>>>multiple security issues have been discovered in sssd. Please see the Red Hat
> >>>>>bugzilla entries for details and patches:
> >>>>>
> >>>>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
> >>>>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
> >>>>
> >>>>Yep, I'm aware of them and will prepare an upload later.
> >>>
> >>>The relevant commits seem to be:
> >>>
> >>> CVE-2013-0219:
> >>> http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
> >>> and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
> >>> See also https://fedorahosted.org/sssd/ticket/1782 .
> >>>
> >>> CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
> >>>See https://fedorahosted.org/sssd/ticket/1781 .
> >>
> >>There's still no backported commits for 1.8.x which is in sid/wheezy
> >>(94cbf1cfb0f8 at least needs backporting), I'll ask upstream
> >>tomorrow.
> >
> >What's the status?
>
> Upstream released 1.8.6 with the patches, I have them staged in git
> and am discussing with the release team what other fixes can get in
> wheezy.
Did you heard anything back from the release team?
Regards,
Salvatore
More information about the Pkg-sssd-devel
mailing list