On Mon, 10 Jan 2022 19:17:57 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: systemd
> Version: 250.1-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/systemd/systemd/pull/22070
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> Control: found -1 249.7-1
> Control: found -1 247.3-6
>
> Hi,
>
> The following vulnerability was published for systemd.
>
> CVE-2021-3997[0]:
> | Uncontrolled recursion in systemd's systemd-tmpfiles
>
> Note while the issue while present before is exploitable only after
> upstream commit e535840, and as such can be ignored for buster and
> older. For bullseye it would be ideal to get a fix (via a point
> release?).
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2021-3997
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
> [1] https://github.com/systemd/systemd/pull/22070
> [2] https://www.openwall.com/lists/oss-security/2022/01/10/2
>
> Regards,
> Salvatore
>
This is now also fixed in v247.11.

https://github.com/systemd/systemd-stable/releases/tag/v247.11

--
Kind regards,
Luca Boccassi