
Bug#988439: marked as done (slurm-wlm: CVE-2021-31215)



Your message dated Wed, 14 Jul 2021 22:48:29 +0000
with message-id <E1m3ng5-0006Jj-4h@fasolo.debian.org>
and subject line Bug#988439: fixed in slurm-wlm 20.11.7+really20.11.4-2
has caused the Debian Bug report #988439,
regarding slurm-wlm: CVE-2021-31215
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988439
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: slurm-wlm
Version: 20.11.5-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2021-31215[0]:
| SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before
| 20.11.7 allows remote code execution as SlurmUser because use of a
| PrologSlurmctld or EpilogSlurmctld script leads to environment
| mishandling.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31215
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31215

Please adjust the affected versions in the BTS as needed, I'm not sure
if older versions as in buster are affected as well.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: slurm-wlm
Source-Version: 20.11.7+really20.11.4-2
Done: Gennaro Oliva <oliva.g@na.icar.cnr.it>

We believe that the bug you reported is fixed in the latest version of
slurm-wlm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gennaro Oliva <oliva.g@na.icar.cnr.it> (supplier of updated slurm-wlm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jul 2021 00:00:35 +0200
Source: slurm-wlm
Architecture: source
Version: 20.11.7+really20.11.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
Changed-By: Gennaro Oliva <oliva.g@na.icar.cnr.it>
Closes: 988439
Changes:
 slurm-wlm (20.11.7+really20.11.4-2) unstable; urgency=medium
 .
   * Fix CVE-2021-31215 (Closes: #988439)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
