On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
> On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> >Hi Timo
> >
> >On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
> >>On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
> >>>Package: sssd
> >>>Severity: grave
> >>>Tags: security
> >>>
> >>>Hi,
> >>>multiple security issues have been discovered in sssd. Please see the Red
> >>>Hat
> >>>bugzilla entries for details and patches:
> >>>
> >>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
> >>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
> >>
> >>Yep, I'm aware of them and will prepare an upload later.
> >
> >The relevant commits seem to be:
> >
> > CVE-2013-0219:
> >
> > http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
> > and
> > http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a
> > .
> > See also https://fedorahosted.org/sssd/ticket/1782 .
> >
> > CVE-2013-0220:
> > http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325
> > .
> >See https://fedorahosted.org/sssd/ticket/1781 .
>
> There's still no backported commits for 1.8.x which is in sid/wheezy
> (94cbf1cfb0f8 at least needs backporting), I'll ask upstream
> tomorrow.
What's the status?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
