[Pkg-sssd-devel] s-pu upload to fix no-dsa security issue in sssd
Timo Aaltonen
tjaalton at debian.org
Thu Feb 13 13:50:50 GMT 2025
Guilhem Moulin wrote on 9.2.2025 at 15.11:
> Hi there,
>
> While working on an upload for Bullseye LTS I noticed the version of
> src:sssd currently found in Bookworm is vulnerable to CVE-2023-3758
> (marked no-dsa by the security team) [0]. The issue is already fixed in
> trixie, and is now fixed in bullseye-security so it makes sense to fix
> it in Bookworm as well.
>
> The upstream patches trivially apply to 2.8.2-4 (using the patch from
> upstream's sssd-2-8-branch). I attach a tested debdiff; individual
> commits and tag can be found on the LTS team fork [1].
>
> (I observed that 2.8.2-4 doesn't run the test suite, and didn't change
> that in 2.8.2-4+deb12u1. sss_certmap_test fails on both versions for
> reasons unrelated to that change. ad_gpo_tests passes on both versions
> though.)
>
> Unless you object I'll file a bookworm-pu bug with these changes.
>
> Cheers,
sorry for the delay, go ahead
--
t