Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2013-0219 CVE-2013-0220

Related Vulnerabilities: CVE-2013-0219   CVE-2013-0220   cve-2013-0219   cve-2013-0220  

Source

Debian Bug report logs - #698871
CVE-2013-0219 CVE-2013-0220

version graph

Package: sssd; Maintainer for sssd is Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>; Source for sssd is src:sssd (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 24 Jan 2013 18:45:02 UTC

Severity: grave

Tags: patch, security

Fixed in version sssd/1.8.4-2

Done: Timo Aaltonen <tjaalton@ubuntu.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Thu, 24 Jan 2013 18:45:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Thu, 24 Jan 2013 18:45:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2013-0219 CVE-2013-0220
Date: Thu, 24 Jan 2013 19:30:25 +0100
Package: sssd
Severity: grave
Tags: security

Hi,
multiple security issues have been discovered in sssd. Please see the Red Hat
bugzilla entries for details and patches:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Thu, 24 Jan 2013 18:51:03 GMT) (full text, mbox, link).

Acknowledgement sent to Timo Aaltonen <tjaalton@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Thu, 24 Jan 2013 18:51:03 GMT) (full text, mbox, link).

Message #10 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: Moritz Muehlenhoff <jmm@debian.org>, 698871@bugs.debian.org
Subject: Re: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Thu, 24 Jan 2013 20:46:43 +0200
On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
> Package: sssd
> Severity: grave
> Tags: security
>
> Hi,
> multiple security issues have been discovered in sssd. Please see the Red Hat
> bugzilla entries for details and patches:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220

Yep, I'm aware of them and will prepare an upload later.

-- 
t

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Sat, 26 Jan 2013 21:09:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Sat, 26 Jan 2013 21:09:05 GMT) (full text, mbox, link).

Message #15 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Timo Aaltonen <tjaalton@ubuntu.com>, 698871@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>
Subject: Re: Bug#698871: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Sat, 26 Jan 2013 22:06:27 +0100
Hi Timo

On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
> On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
> >Package: sssd
> >Severity: grave
> >Tags: security
> >
> >Hi,
> >multiple security issues have been discovered in sssd. Please see the Red Hat
> >bugzilla entries for details and patches:
> >
> >https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
> >https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
> 
> Yep, I'm aware of them and will prepare an upload later.

The relevant commits seem to be:

 CVE-2013-0219:
 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
 and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
 See also https://fedorahosted.org/sssd/ticket/1782 .

 CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
See https://fedorahosted.org/sssd/ticket/1781 .

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Sun, 27 Jan 2013 09:48:03 GMT) (full text, mbox, link).

Acknowledgement sent to Timo Aaltonen <tjaalton@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Sun, 27 Jan 2013 09:48:03 GMT) (full text, mbox, link).

Message #20 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 698871@bugs.debian.org, Moritz Muehlenhoff <jmm@debian.org>
Subject: Re: Bug#698871: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Sun, 27 Jan 2013 11:45:06 +0200
On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> Hi Timo
>
> On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
>> On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
>>> Package: sssd
>>> Severity: grave
>>> Tags: security
>>>
>>> Hi,
>>> multiple security issues have been discovered in sssd. Please see the Red Hat
>>> bugzilla entries for details and patches:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
>>
>> Yep, I'm aware of them and will prepare an upload later.
>
> The relevant commits seem to be:
>
>   CVE-2013-0219:
>   http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
>   and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
>   See also https://fedorahosted.org/sssd/ticket/1782 .
>
>   CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
> See https://fedorahosted.org/sssd/ticket/1781 .

There's still no backported commits for 1.8.x which is in sid/wheezy 
(94cbf1cfb0f8 at least needs backporting), I'll ask upstream tomorrow.


-- 
t

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Sun, 03 Feb 2013 22:00:07 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Sun, 03 Feb 2013 22:00:07 GMT) (full text, mbox, link).

Message #25 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Timo Aaltonen <tjaalton@ubuntu.com>
Cc: Salvatore Bonaccorso <carnil@debian.org>, 698871@bugs.debian.org
Subject: Re: Bug#698871: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Sun, 3 Feb 2013 22:59:01 +0100
On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
> On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> >Hi Timo
> >
> >On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
> >>On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
> >>>Package: sssd
> >>>Severity: grave
> >>>Tags: security
> >>>
> >>>Hi,
> >>>multiple security issues have been discovered in sssd. Please see the Red Hat
> >>>bugzilla entries for details and patches:
> >>>
> >>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
> >>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
> >>
> >>Yep, I'm aware of them and will prepare an upload later.
> >
> >The relevant commits seem to be:
> >
> >  CVE-2013-0219:
> >  http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
> >  and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
> >  See also https://fedorahosted.org/sssd/ticket/1782 .
> >
> >  CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
> >See https://fedorahosted.org/sssd/ticket/1781 .
> 
> There's still no backported commits for 1.8.x which is in sid/wheezy
> (94cbf1cfb0f8 at least needs backporting), I'll ask upstream
> tomorrow.

What's the status?

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Wed, 06 Feb 2013 22:57:03 GMT) (full text, mbox, link).

Acknowledgement sent to Timo Aaltonen <tjaalton@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Wed, 06 Feb 2013 22:57:03 GMT) (full text, mbox, link).

Message #30 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: Moritz Mühlenhoff <jmm@inutil.org>, 698871@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: [Pkg-sssd-devel] Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Thu, 07 Feb 2013 00:51:59 +0200
On 03.02.2013 23:59, Moritz Mühlenhoff wrote:
> On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
>> On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
>>> Hi Timo
>>>
>>> On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
>>>> On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
>>>>> Package: sssd
>>>>> Severity: grave
>>>>> Tags: security
>>>>>
>>>>> Hi,
>>>>> multiple security issues have been discovered in sssd. Please see the Red Hat
>>>>> bugzilla entries for details and patches:
>>>>>
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
>>>>
>>>> Yep, I'm aware of them and will prepare an upload later.
>>>
>>> The relevant commits seem to be:
>>>
>>>   CVE-2013-0219:
>>>   http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
>>>   and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
>>>   See also https://fedorahosted.org/sssd/ticket/1782 .
>>>
>>>   CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
>>> See https://fedorahosted.org/sssd/ticket/1781 .
>>
>> There's still no backported commits for 1.8.x which is in sid/wheezy
>> (94cbf1cfb0f8 at least needs backporting), I'll ask upstream
>> tomorrow.
>
> What's the status?

Upstream released 1.8.6 with the patches, I have them staged in git and 
am discussing with the release team what other fixes can get in wheezy.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Fri, 15 Feb 2013 19:21:03 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Fri, 15 Feb 2013 19:21:03 GMT) (full text, mbox, link).

Message #35 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Timo Aaltonen <tjaalton@ubuntu.com>
Cc: Moritz Mühlenhoff <jmm@inutil.org>, 698871@bugs.debian.org
Subject: Re: [Pkg-sssd-devel] Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Fri, 15 Feb 2013 20:20:03 +0100
Hi Timo

On Thu, Feb 07, 2013 at 12:51:59AM +0200, Timo Aaltonen wrote:
> On 03.02.2013 23:59, Moritz Mühlenhoff wrote:
> >On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
> >>On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> >>>Hi Timo
> >>>
> >>>On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
> >>>>On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
> >>>>>Package: sssd
> >>>>>Severity: grave
> >>>>>Tags: security
> >>>>>
> >>>>>Hi,
> >>>>>multiple security issues have been discovered in sssd. Please see the Red Hat
> >>>>>bugzilla entries for details and patches:
> >>>>>
> >>>>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0219
> >>>>>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0220
> >>>>
> >>>>Yep, I'm aware of them and will prepare an upload later.
> >>>
> >>>The relevant commits seem to be:
> >>>
> >>>  CVE-2013-0219:
> >>>  http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
> >>>  and http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a .
> >>>  See also https://fedorahosted.org/sssd/ticket/1782 .
> >>>
> >>>  CVE-2013-0220: http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 .
> >>>See https://fedorahosted.org/sssd/ticket/1781 .
> >>
> >>There's still no backported commits for 1.8.x which is in sid/wheezy
> >>(94cbf1cfb0f8 at least needs backporting), I'll ask upstream
> >>tomorrow.
> >
> >What's the status?
> 
> Upstream released 1.8.6 with the patches, I have them staged in git
> and am discussing with the release team what other fixes can get in
> wheezy.

Did you heard anything back from the release team?

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Fri, 15 Feb 2013 19:51:06 GMT) (full text, mbox, link).

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Fri, 15 Feb 2013 19:51:06 GMT) (full text, mbox, link).

Message #40 received at 698871@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Salvatore Bonaccorso <carnil@debian.org>, 698871@bugs.debian.org
Cc: Timo Aaltonen <tjaalton@ubuntu.com>, Moritz Mühlenhoff <jmm@inutil.org>
Subject: Re: Bug#698871: [Pkg-sssd-devel] Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Fri, 15 Feb 2013 19:50:03 +0000
On Fri, 2013-02-15 at 20:20 +0100, Salvatore Bonaccorso wrote:
> On Thu, Feb 07, 2013 at 12:51:59AM +0200, Timo Aaltonen wrote:
> > Upstream released 1.8.6 with the patches, I have them staged in git
> > and am discussing with the release team what other fixes can get in
> > wheezy.
> 
> Did you heard anything back from the release team?

It's rather the other way around, afaict.

#debian-release, on February 6th:

10:34 < jcristau> once you have something tested, open a bug against
release.d.o, i'll take a look.

No bug appears to have been opened so far.

Regards,

Adam

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Tue, 26 Feb 2013 16:12:14 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Tue, 26 Feb 2013 16:12:15 GMT) (full text, mbox, link).

Message #45 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Timo Aaltonen <tjaalton@ubuntu.com>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 698871@bugs.debian.org, Moritz Mühlenhoff <jmm@inutil.org>
Subject: Re: Bug#698871: [Pkg-sssd-devel] Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Tue, 26 Feb 2013 17:11:28 +0100
Hi Timo

Any update on this? I see the patches at [1]. At this stage of the
release I'm unsure the other changes are acceptable. Do you have time
to prepare an upload only adressing #698871? If you get a ACK from
release-team I would happily sonsor the upload if needed.

 [1]: http://anonscm.debian.org/gitweb/?p=pkg-sssd/sssd.git;a=commitdiff;h=5632b7d752b89a47a52f831e3ba97f70a9d6469d

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>:
Bug#698871; Package sssd. (Wed, 27 Feb 2013 21:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Timo Aaltonen <tjaalton@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>. (Wed, 27 Feb 2013 21:45:03 GMT) (full text, mbox, link).

Message #50 received at 698871@bugs.debian.org (full text, mbox, reply):

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 698871@bugs.debian.org, Moritz Mühlenhoff <jmm@inutil.org>
Subject: Re: Bug#698871: [Pkg-sssd-devel] Bug#698871: Bug#698871: CVE-2013-0219 CVE-2013-0220
Date: Wed, 27 Feb 2013 23:42:00 +0200
On 26.02.2013 18:11, Salvatore Bonaccorso wrote:
> Hi Timo
>
> Any update on this? I see the patches at [1]. At this stage of the
> release I'm unsure the other changes are acceptable. Do you have time
> to prepare an upload only adressing #698871? If you get a ACK from
> release-team I would happily sonsor the upload if needed.
>
>   [1]: http://anonscm.debian.org/gitweb/?p=pkg-sssd/sssd.git;a=commitdiff;h=5632b7d752b89a47a52f831e3ba97f70a9d6469d

Sorry for the delay, I've pushed the debian-wheezy branch with just the 
cve fixes on it. It's not tagged yet, so needs to be finalized first 
before upload. And yes, a sponsor is needed.


-- 
t

Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 03 Mar 2013 21:42:07 GMT) (full text, mbox, link).

Reply sent to Timo Aaltonen <tjaalton@ubuntu.com>:
You have taken responsibility. (Mon, 04 Mar 2013 20:51:13 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 04 Mar 2013 20:51:13 GMT) (full text, mbox, link).

Message #57 received at 698871-close@bugs.debian.org (full text, mbox, reply):

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: 698871-close@bugs.debian.org
Subject: Bug#698871: fixed in sssd 1.8.4-2
Date: Mon, 04 Mar 2013 20:49:53 +0000
Source: sssd
Source-Version: 1.8.4-2

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 698871@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@ubuntu.com> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Feb 2013 23:38:28 +0200
Source: sssd
Binary: sssd sssd-tools libnss-sss libpam-sss libipa-hbac0 libipa-hbac-dev libsss-sudo0 libsss-sudo-dev python-libipa-hbac python-sss
Architecture: source amd64
Version: 1.8.4-2
Distribution: unstable
Urgency: low
Maintainer: Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaalton@ubuntu.com>
Description: 
 libipa-hbac-dev - FreeIPA HBAC Evaluator library
 libipa-hbac0 - FreeIPA HBAC Evaluator library
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 libsss-sudo-dev - Communicator library for sudo -- development files
 libsss-sudo0 - Communicator library for sudo
 python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
 python-sss - Python module for the System Security Services Daemon
 sssd       - System Security Services Daemon
 sssd-tools - System Security Services Daemon -- tools
Closes: 698871
Changes: 
 sssd (1.8.4-2) unstable; urgency=low
 .
   * fix-cve-2013-0219-1.diff, fix-cve-2013-0219-2.diff,
     fix-cve-2013-0220.diff: Upstream commits from the stable tree to fix
     recent CVE reports. (Closes: #698871)
Checksums-Sha1: 
 b3c0cbcaead199e0f4d3ca999e43e417d5bb77a1 2727 sssd_1.8.4-2.dsc
 44b3f6a870aecf53b340a258613c9e653cb177e9 26685 sssd_1.8.4-2.diff.gz
 d8af76db489e32250c630cb4dff890cb8bd39e92 2979710 sssd_1.8.4-2_amd64.deb
 9d802d6017d93918157f4632a85fdafb18f184d8 1014098 sssd-tools_1.8.4-2_amd64.deb
 3b154169cf94a6756789572a5c749ea117358d60 22850 libnss-sss_1.8.4-2_amd64.deb
 01930ba07bd7bd5eb0d092fd3516f08d002fb1f4 26794 libpam-sss_1.8.4-2_amd64.deb
 439cc43fef6ded1807a6d3ca4f317f05374a4dbe 14930 libipa-hbac0_1.8.4-2_amd64.deb
 a556f2337e26ccf49a68efae1fe7835fe377a093 13774 libipa-hbac-dev_1.8.4-2_amd64.deb
 0dd5b60cce9636a95079c861bdcad48347152775 18604 libsss-sudo0_1.8.4-2_amd64.deb
 ee9dfe1badd17e2ca389cd32ca0d1b0b520cd649 13372 libsss-sudo-dev_1.8.4-2_amd64.deb
 207aaaf43f18481a14bffabd76787f2a5c833a54 24902 python-libipa-hbac_1.8.4-2_amd64.deb
 ad60fe2aa2a4c5dcb9274cad2f0b768bb0d11cfc 215856 python-sss_1.8.4-2_amd64.deb
Checksums-Sha256: 
 0c515ac176d08746a7bb114fe054ec3121803d279f25416f920b40df8906ba49 2727 sssd_1.8.4-2.dsc
 55aa3e3a839847563fbaeb1b153fd89bbbbb045b1d5bec4966b280d0fbd636d7 26685 sssd_1.8.4-2.diff.gz
 b334115e3a3faf0b7aeed303ad49009712be18d7659e8ef45ccf94896ec6ee20 2979710 sssd_1.8.4-2_amd64.deb
 8be82dc19620e8143437c8ce47ea8e0b51adb3993219a4a51bdb89ca8a656713 1014098 sssd-tools_1.8.4-2_amd64.deb
 ca4f5e6621a1702be1da1d1d4876f708c5129596c17f8d9c014c33cda66273ff 22850 libnss-sss_1.8.4-2_amd64.deb
 4cdaa4e179b82ef76297d88672f103488d1d4f6b0d66ba5856ffe4ae0d5f9354 26794 libpam-sss_1.8.4-2_amd64.deb
 927b51050959dbc4b495576247f5731a325132dadf85cc5657ecc5f51ac89021 14930 libipa-hbac0_1.8.4-2_amd64.deb
 33aebaaf254ed29d515d57e2c8b8b1c3248d237b200b1083309cff169bf60a0a 13774 libipa-hbac-dev_1.8.4-2_amd64.deb
 1f950fbbbf06d621f547a4e57dbbf8653538e50d30aa19df8466cdb56b57a67f 18604 libsss-sudo0_1.8.4-2_amd64.deb
 f1da0296058c5f068dc7f9949b06c632d6814876d96b069c87d7f00022737af0 13372 libsss-sudo-dev_1.8.4-2_amd64.deb
 7e8324a3e344588ca5dcbbf122c1b1de5d70aea4eb6f8367c81cb042bc21711b 24902 python-libipa-hbac_1.8.4-2_amd64.deb
 601f4635bf081898ff7e3ce8400718b56f6af7d38d5171bb19b7658148886ba5 215856 python-sss_1.8.4-2_amd64.deb
Files: 
 acde326e50a6e2d22854a418156f8900 2727 utils extra sssd_1.8.4-2.dsc
 e164172a7f225682e0e96298a0701f38 26685 utils extra sssd_1.8.4-2.diff.gz
 8a068722d65742274c29e9ed7f0d03df 2979710 utils extra sssd_1.8.4-2_amd64.deb
 d2eb46168ca547756d43d775398e21b9 1014098 utils extra sssd-tools_1.8.4-2_amd64.deb
 9bf7206d22f4c105a54ca97f65235acc 22850 utils extra libnss-sss_1.8.4-2_amd64.deb
 9c8828aefbbf47b62c7823baf44043b8 26794 utils extra libpam-sss_1.8.4-2_amd64.deb
 e30bc6e74daf8e7d37cc645a158c9dc4 14930 libs extra libipa-hbac0_1.8.4-2_amd64.deb
 34a8972ea9900e54cd25639fd27e7efc 13774 libdevel extra libipa-hbac-dev_1.8.4-2_amd64.deb
 576e989598ead6d35565c431f19cb9bc 18604 libs extra libsss-sudo0_1.8.4-2_amd64.deb
 a6e5fdc7fdb0b3ea6f7a3fda36561c6b 13372 libdevel extra libsss-sudo-dev_1.8.4-2_amd64.deb
 db42ccd80d88c541afbff87788a54b26 24902 python extra python-libipa-hbac_1.8.4-2_amd64.deb
 92b453363e206a5a718a66b395d32e09 215856 python extra python-sss_1.8.4-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRNPv/AAoJEHidbwV/2GP+BBAQAKgrxfNt0JA4GNolOu4jfmpF
l/LlhSVntM1uGt3zWLioxhJ+Eoo27X3r05zFej/MZQ+SyeKMCQ31DIcKss0zL5WY
FJ4XxsDuqHOGgot48WYqGKONT+VznWOgLIEEYXZtcVHBfEcHkCerSmc0vvTMWlGz
oXjjMVPDnuMOMYIPSxEbvRxLSGY9AeJDTKd8GqmMNNeSzXEMeKBrwIzv3txboVr+
ssJYRvL1WxV9RBMQEomknakSHmhmpMa1Wd51GzakQO/E99tZ4tn4tP8nNJrjPi2X
yb2EFFSikIbUvronb0vx+Qbw8easTTmZac3O7/tyb7Ao+tKC4wRT0T8E5KrsRQK/
jA9zMjWjtda+TMuFddC+pH7/dZg0JrogF9GGNJ/Gfp1/b89e9zlvsptcTfgvzVgm
ohJiXDcecjr/hD9FO433+ySEz8XMNUEDzzlTP/H/FlCCHqX29+5YtFasxxrowPy7
dcjGu0AB0nj/7Rj9g+p2RxjYTpitk5LtFTsv49uQIb78rM8koyT9oUAPzookB9yM
+qduLPKzcGmf1NICvlahJvEMCAxLMThjj9yqiKIM8w95KUt4LkCFxEk2VAWUllgE
gIuBiHv8/jqc4YJFrEerhyQhBnWo6rU9vUcfbavFAZ0b63E25Zv+vHrUKE6RRMuN
euhsPk53xvGr04XLiZuf
=/uky
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 15 Apr 2013 07:33:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:05:08 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started