Your message dated Sun, 12 Jan 2020 15:17:37 +0000
with message-id <[email protected]>
and subject line Bug#877885: fixed in sssd 1.15.0-3+deb9u1
has caused the Debian Bug report #877885,
regarding sssd: CVE-2017-12173: unsanitized input when searching in local cache database
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
877885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877885
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sssd
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for sssd.

CVE-2017-12173[0]:
unsanitized input when searching in local cache database

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12173
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12173
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1498173

Please adjust the affected versions in the BTS as needed, and
unfortunately at time of writing, I have not found any further
information on the issue than what is written in [1].

Any ideas? Is there an upstream issue to track?

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 1.15.0-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 Dec 2019 14:12:24 +0100
Source: sssd
Architecture: source
Version: 1.15.0-3+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian SSSD Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 877885
Changes:
 sssd (1.15.0-3+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * sysdb: sanitize search filter input (CVE-2017-12173) (Closes: #877885)
Checksums-Sha1: 
 80fa4ed292900f5d31c59fae759a5cfb1693efd9 4601 sssd_1.15.0-3+deb9u1.dsc
 a663ae7bab781dfbcf51e7770910de6a0ffb3552 38548 sssd_1.15.0-3+deb9u1.diff.gz
Checksums-Sha256: 
 90838a23df5080eb4b507a923820f126bf7f254ae8b093411a57f04af601ca39 4601 sssd_1.15.0-3+deb9u1.dsc
 4ae68f67e9b0c4dfadaae67809a4aca54b951fc3a574918df5e12aeba6d0c222 38548 sssd_1.15.0-3+deb9u1.diff.gz
Files: 
 4497dea0feea6a6d2a901d35194a1bfa 4601 utils extra sssd_1.15.0-3+deb9u1.dsc
 88c858ba552fd8ca604e77a4701ea41b 38548 utils extra sssd_1.15.0-3+deb9u1.diff.gz


--- End Message ---