Bug#1010634: slurm-wlm: CVE-2022-29500

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1010634: slurm-wlm: CVE-2022-29500
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 05 May 2022 20:58:09 +0200
Message-id: <[🔎] 165177708913.3361449.6388526567155960728.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1010634@bugs.debian.org

Source: slurm-wlm
Version: 21.08.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 20.11.7+really20.11.4-2

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2022-29500[0]:
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control
| that leads to Information Disclosure.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29500
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29500
[1] https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
[2] https://github.com/SchedMD/slurm/commit/500787548cf3da22cc69ca2111ce51f77543849b 

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: slurm-wlm: CVE-2022-29500
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1010634: marked as done (slurm-wlm: CVE-2022-29500)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#1010633: slurm-wlm: CVE-2022-29501
Next by Date: Processed: slurm-wlm: CVE-2022-29500
Previous by thread: Bug#1010633: marked as done (slurm-wlm: CVE-2022-29501)
Next by thread: Processed: slurm-wlm: CVE-2022-29500
Index(es):
- Date
- Thread