CVE-2022-2787: Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
New schroot added. Let's bake it a bit and stabilize in about a week.
Thanks!
Please clean up
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1e3b136015aeecc30a269e9e907cc055252e547

commit b1e3b136015aeecc30a269e9e907cc055252e547
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-10-10 04:51:14 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-10-10 04:51:14 +0000

    dev-util/schroot: drop 1.6.10_p12-r2

    Bug: https://bugs.gentoo.org/867016
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-util/schroot/Manifest | 2 -
 dev-util/schroot/schroot-1.6.10_p12-r2.ebuild | 148 --------------------------
 2 files changed, 150 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=50d4eab0aad67c58b06eeda01b8ebe92c11a08c7

commit 50d4eab0aad67c58b06eeda01b8ebe92c11a08c7
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:08:56 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:14 +0000

    [ GLSA 202210-11 ] schroot: Denial of Service

    Bug: https://bugs.gentoo.org/867016
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-11.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
GLSA released, all done!