[Pkg-sssd-devel] Bug#877885: sssd: CVE-2017-12173: unsanitized input when searching in local cache database
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 11 18:54:07 UTC 2017
Hi
On Fri, Oct 06, 2017 at 06:54:34PM +0200, Salvatore Bonaccorso wrote:
> Source: sssd
> Severity: important
> Tags: upstream security
>
> Hi,
>
> the following vulnerability was published for sssd.
>
> CVE-2017-12173[0]:
> unsanitized input when searching in local cache database
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-12173
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12173
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1498173
>
> Please adjust the affected versions in the BTS as needed, and
> unfortuantely at time of writing, I have not found any furhter
> information on the issue than what is written in [1].
>
> Any ideas? Is there an upstream issue to track?
There is now more information available, and a fix commited as https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835
Regards,
Salvatore
More information about the Pkg-sssd-devel
mailing list