Bug#1104929: marked as done (slurm-wlm: CVE-2025-43904)

To: Shengqi Chen <harry@debian.org>
Subject: Bug#1104929: marked as done (slurm-wlm: CVE-2025-43904)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 09 Jul 2025 17:19:04 +0000
Message-id: <[🔎] handler.1104929.D1104929.17520814323610387.ackdone@bugs.debian.org>
Reply-to: 1104929@bugs.debian.org
References: <E1uZYPt-00DChE-E6@fasolo.debian.org> <174673241774.1482115.18114041420112258454.reportbug@eldamar.lan>

Your message dated Wed, 09 Jul 2025 17:17:09 +0000
with message-id <E1uZYPt-00DChE-E6@fasolo.debian.org>
and subject line Bug#1104929: fixed in slurm-wlm 22.05.8-4+deb12u3
has caused the Debian Bug report #1104929,
regarding slurm-wlm: CVE-2025-43904
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1104929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104929
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: slurm-wlm: CVE-2025-4390
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 08 May 2025 21:26:57 +0200
Message-id: <174673241774.1482115.18114041420112258454.reportbug@eldamar.lan>

Source: slurm-wlm
Version: 24.11.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2025-4390[0]:
| A mistake with permission handling for Coordinators within Slurm's 
| accounting system can allow a Coordinator to promote a user to 
| Administrator.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-4390
    https://www.cve.org/CVERecord?id=CVE-2025-4390
[1] https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 1104929-close@bugs.debian.org
Subject: Bug#1104929: fixed in slurm-wlm 22.05.8-4+deb12u3
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 09 Jul 2025 17:17:09 +0000
Message-id: <E1uZYPt-00DChE-E6@fasolo.debian.org>
Reply-to: Shengqi Chen <harry@debian.org>

Source: slurm-wlm
Source-Version: 22.05.8-4+deb12u3
Done: Shengqi Chen <harry@debian.org>

We believe that the bug you reported is fixed in the latest version of
slurm-wlm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1104929@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Shengqi Chen <harry@debian.org> (supplier of updated slurm-wlm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 04 Jul 2025 17:32:39 +0800
Source: slurm-wlm
Architecture: source
Version: 22.05.8-4+deb12u3
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
Changed-By: Shengqi Chen <harry@debian.org>
Closes: 1104929
Changes:
 slurm-wlm (22.05.8-4+deb12u3) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to fix CVE-2025-43904 (Closes: #1104929).
Checksums-Sha1:
 9320c41a53e6b7ce9799c946b9e9f1303db7c50d 4909 slurm-wlm_22.05.8-4+deb12u3.dsc
 94a0658a68f8eb4524f1816d157ac8c5af890bd9 147096 slurm-wlm_22.05.8-4+deb12u3.debian.tar.xz
 5c862627915743a2e4783043376f0e6d1936a41b 7061 slurm-wlm_22.05.8-4+deb12u3_source.buildinfo
Checksums-Sha256:
 6cc6b9d62ee09feca35400f624d9c199afdc9dfc55c71c87b79eb0d2b2d87965 4909 slurm-wlm_22.05.8-4+deb12u3.dsc
 8608fed8f3f51bbaeadcf9f201da82a2b7b22e01d36b590570801b702b1820c2 147096 slurm-wlm_22.05.8-4+deb12u3.debian.tar.xz
 c8f8597fd848f8480fb4c9e7c6f6d4cd0ac437cb4c8338ab9dda3636936b8be5 7061 slurm-wlm_22.05.8-4+deb12u3_source.buildinfo
Files:
 033fcc245fe56319a690d8dab57baf15 4909 admin optional slurm-wlm_22.05.8-4+deb12u3.dsc
 5b24b85029f1b6fb5872a9aefff4be13 147096 admin optional slurm-wlm_22.05.8-4+deb12u3.debian.tar.xz
 94f2596d7cf02173f96acc62627fe355 7061 admin optional slurm-wlm_22.05.8-4+deb12u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmhr+qMACgkQNP8o68vM
TMjdvwf8CAO9lnv2inJxClD2eec/gPbZrA7aQQJ5/0QJ6FWNbJs9P/4IN7bfLgTe
5Gw4Ub/KclniArJhUgOF9aDSbQHTyn+REx3R0skzIiMQRewLYfKe2xAIjFpRyrKQ
JHER+YyCfloyNEyJXV1aYUXOeHOyShpg6UCmmfRSMP05TcuCbgsPRTThBEeCGGOi
X+O4OCjHqHidsM/k9BEf2Zi1HZSOeNUfnWSa74ZPWJZh8Zdhh9T794AZjZYRvCIP
/Hgctzd6/bPb9drpgUEyrCb0FWHaSnPhs1JoFlw2Q3sZqi6nBCnJw5ucc775x4pl
8Ds9IjWIxSgFKsxBoOEkI3a/kFl+iA==
=Ccfq
-----END PGP SIGNATURE-----

Attachment: pgp3tP1IQj7vp.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: slurm-wlm_22.05.8-4+deb12u3_source.changes ACCEPTED into proposed-updates
Next by Date: Processing of slurm-wlm_24.11.5-4_source.changes
Previous by thread: slurm-wlm_22.05.8-4+deb12u3_source.changes ACCEPTED into proposed-updates
Next by thread: Processing of slurm-wlm_24.11.5-4_source.changes
Index(es):
- Date
- Thread