Bug#988439: marked as done (slurm-wlm: CVE-2021-31215)



Your message dated Tue, 15 Jun 2021 20:18:33 +0000
with message-id <E1ltFW5-0001ME-Gk@fasolo.debian.org>
and subject line Bug#988439: fixed in slurm-wlm 20.11.7-1
has caused the Debian Bug report #988439,
regarding slurm-wlm: CVE-2021-31215
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988439
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: slurm-wlm
Version: 20.11.5-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2021-31215[0]:
| SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before
| 20.11.7 allows remote code execution as SlurmUser because use of a
| PrologSlurmctld or EpilogSlurmctld script leads to environment
| mishandling.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31215
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31215

Please adjust the affected versions in the BTS as needed, I'm not sure
if older versions as in buster are affected as well.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: slurm-wlm
Source-Version: 20.11.7-1
Done: Gennaro Oliva <oliva.g@na.icar.cnr.it>

We believe that the bug you reported is fixed in the latest version of
slurm-wlm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gennaro Oliva <oliva.g@na.icar.cnr.it> (supplier of updated slurm-wlm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jun 2021 17:49:41 +0200
Source: slurm-wlm
Architecture: source
Version: 20.11.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
Changed-By: Gennaro Oliva <oliva.g@na.icar.cnr.it>
Closes: 988439
Changes:
 slurm-wlm (20.11.7-1) unstable; urgency=medium
 .
   * New upstream release fixes CVE-2021-31215 (Closes: #988439)
   * Add typo patch for acct_gather.conf man page
   * Update miscellanea manpage patch

--- End Message ---