Your message dated Thu, 12 Oct 2017 06:48:46 +0000
with message-id <[email protected]>
and subject line Bug#877885: fixed in sssd 1.15.3-2
has caused the Debian Bug report #877885,
regarding sssd: CVE-2017-12173: unsanitized input when searching in local cache 
database
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
877885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877885
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sssd
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for sssd.

CVE-2017-12173[0]:
unsanitized input when searching in local cache database

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12173
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12173
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1498173

Please adjust the affected versions in the BTS as needed, and
unfortunately at time of writing, I have not found any further
information on the issue than what is written in [1].

Any ideas? Is there an upstream issue to track?

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 1.15.3-2

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 12 Oct 2017 08:24:51 +0300
Source: sssd
Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm 
sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss 
libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev 
libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev 
libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd 
libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss 
python3-libipa-hbac python3-libsss-nss-idmap python3-sss
Architecture: source
Version: 1.15.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
 libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
 libipa-hbac0 - FreeIPA HBAC Evaluator library
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 libsss-certmap-dev - Certificate mapping library for SSSD -- development files
 libsss-certmap0 - Certificate mapping library for SSSD
 libsss-idmap-dev - ID mapping library for SSSD -- development files
 libsss-idmap0 - ID mapping library for SSSD
 libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files
 libsss-nss-idmap0 - SID based lookups library for SSSD
 libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files
 libsss-simpleifp0 - SSSD D-Bus responder helper library
 libsss-sudo - Communicator library for sudo
 libwbclient-sssd - SSSD libwbclient implementation
 libwbclient-sssd-dev - SSSD libwbclient implementation -- development files
 python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
 python-libsss-nss-idmap - Python bindings for the SID lookups library
 python-sss - Python module for the System Security Services Daemon
 python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
 python3-libsss-nss-idmap - Python3 bindings for the SID lookups library
 python3-sss - Python3 module for the System Security Services Daemon
 sssd       - System Security Services Daemon -- metapackage
 sssd-ad    - System Security Services Daemon -- Active Directory back end
 sssd-ad-common - System Security Services Daemon -- PAC responder
 sssd-common - System Security Services Daemon -- common files
 sssd-dbus  - System Security Services Daemon -- D-Bus responder
 sssd-ipa   - System Security Services Daemon -- IPA back end
 sssd-kcm   - System Security Services Daemon -- Kerberos KCM server implementa
 sssd-krb5  - System Security Services Daemon -- Kerberos back end
 sssd-krb5-common - System Security Services Daemon -- Kerberos helpers
 sssd-ldap  - System Security Services Daemon -- LDAP back end
 sssd-proxy - System Security Services Daemon -- proxy back end
 sssd-tools - System Security Services Daemon -- tools
Closes: 872787 877885
Changes:
 sssd (1.15.3-2) unstable; urgency=medium
 .
   * control: Fix libipa-hbac-dev short description.
   * generate-config: Update the config template. (Closes: #872787)
   * sysdb-sanitize-search-filter-input.diff: Fix CVE-2017-12173.
     (Closes: #877885)
Checksums-Sha1:
 9b45a787b815eac87e456efcc5f4a8896bb04a7f 4605 sssd_1.15.3-2.dsc
 a6d7d69f7f9f63310ba18128badef45e4965b810 39403 sssd_1.15.3-2.diff.gz
Checksums-Sha256:
 d6f6dd4597f28987115404ce84b4277f0a7876bce7c91ac676d052b0a544a4d9 4605 
sssd_1.15.3-2.dsc
 214686f109616ca04ea25d85479aab1fd86e94e8f19e02ec7b4eb294dca82cc8 39403 
sssd_1.15.3-2.diff.gz
Files:
 d77e48622fd4bc1c7eb3e16581cdebe2 4605 utils extra sssd_1.15.3-2.dsc
 f012c1df55ebe7bd0f517614f9460cc0 39403 utils extra sssd_1.15.3-2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---