[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#931880: slurm-llnl: CVE-2019-12838

Source: slurm-llnl
Severity: grave
Tags: security upstream
Control: found -1 
Control: found -1 16.05.9-1+deb9u4
Control: found -1 16.05.9-1


The following vulnerability was published for slurm-llnl. I'm filling
it with an RC severity to be on safe side, but if you have more
information available and think the RC severity is not warranted
please feel free to then downgrade.

| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL
| Injection.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12838
[1] https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html

Please adjust the affected versions in the BTS as needed. [1] say that
whilest only 19.05 and 18.08 releases are patched previous releases
were affected as well.


Reply to: