
Re: [SECURITY] [DLA 3436-1] sssd security update



On Mon, May 29, 2023 at 03:43:53PM +0200, Guilhem Moulin wrote:
> Package        : sssd
> Version        : 1.16.3-3.2+deb10u1
> CVE ID         : CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 CVE-2022-4254
> Debian Bug     : 919051 931432 992710

This update is broken.  libsss-certmap.so.0 was changed in an
incompatible way (new symbols):

| +SSS_CERTMAP_0.2 {
| +    global:
| +        sss_certmap_expand_mapping_rule; 
| +} SSS_CERTMAP_0.1;
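
Review bot: the new SSS_CERTMAP_0.2 node exports sss_certmap_expand_mapping_rule without any matching bump of the minimum libsss-certmap0 version that dependent packages must require. Anything built against this version that uses the symbol fails to load against the older library, so the library's shlibs/symbols data should record 1.16.3-3.2+deb10u1 for it, which would make the sssd-common Depends shown in the rdepends output versioned.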

But no proper dependency exists to pull in the new library:

| $ apt rdepends libsss-certmap0 
| libsss-certmap0
| Reverse Depends:
|   Depends: libsss-certmap-dev (= 1.16.3-3.2+deb10u1)
|   Depends: sssd-common

This breaks of course with the "smallest step possible" upgrade mode of
unattended-upgrades.

Bastian

-- 
Where there's no emotion, there's no motive for violence.
		-- Spock, "Dagger of the Mind", stardate 2715.1

