Summary: | <sys-cluster/slurm-22.05.3: Remote code execution via environment mishandling (CVE-2021-31215) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | trivial | CC: | alexxy, cluster, peter.gustafson | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html | ||||||
Whiteboard: | ~2 [noglsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Sam James
2021-05-15 01:27:59 UTC
Please bump. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=002aa381e511ead5a8b433a8b2ad5d5afd4d94fe commit 002aa381e511ead5a8b433a8b2ad5d5afd4d94fe Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-08-15 00:16:59 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-15 00:35:55 +0000 profiles: last rite sys-cluster/slurm Also remove the collectd unmasks in arch package.use.masks. Bug: https://bugs.gentoo.org/631552 Bug: https://bugs.gentoo.org/790296 Bug: https://bugs.gentoo.org/842789 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/arch/amd64/package.use.mask | 4 ---- profiles/arch/x86/package.use.mask | 4 ---- profiles/base/package.use.mask | 3 +++ profiles/package.mask | 6 ++++++ 4 files changed, 9 insertions(+), 8 deletions(-) Created attachment 802792 [details, diff]
patch required for minor bump
Major version (22.05.3) and minor (20.11.9) are both out and would address this bug. https://www.schedmd.com/news.php?id=265#OPT_265 (In reply to Peter Gustafson from comment #9) > Created attachment 802792 [details, diff] [details, diff] > patch required for minor bump Could you file a PR? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1947dd126dfbf1a19f631b770d3e36fffdf334e commit b1947dd126dfbf1a19f631b770d3e36fffdf334e Author: Alexey Shvetsov <alexxy@gentoo.org> AuthorDate: 2022-09-15 08:00:39 +0000 Commit: Alexey Shvetsov <alexxy@gentoo.org> CommitDate: 2022-09-15 08:00:39 +0000 sys-cluster/slurm: Update to new version Closes: https://bugs.gentoo.org/744148 Bug: https://bugs.gentoo.org/790296 Bug: https://bugs.gentoo.org/842789 Signed-off-by: Alexey Shvetsov <alexxy@gentoo.org> sys-cluster/slurm/Manifest | 2 +- ...-lua.patch => slurm-22.05.3_autoconf-lua.patch} | 19 +- sys-cluster/slurm/metadata.xml | 6 +- sys-cluster/slurm/slurm-20.11.0.1-r105.ebuild | 275 --------------------- ...-20.11.0.1-r104.ebuild => slurm-22.05.3.ebuild} | 34 ++- 5 files changed, 38 insertions(+), 298 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a34a195a9b018eecac186686a2f88d21daff2f04 commit a34a195a9b018eecac186686a2f88d21daff2f04 Author: Alexey Shvetsov <alexxy@gentoo.org> AuthorDate: 2022-09-15 08:07:56 +0000 Commit: Alexey Shvetsov <alexxy@gentoo.org> CommitDate: 2022-09-15 08:07:56 +0000 profiles: Remove slurm p.mask since valnurable version no longer in tree Bug: https://bugs.gentoo.org/631552 Bug: https://bugs.gentoo.org/790296 Bug: https://bugs.gentoo.org/842789 Signed-off-by: Alexey Shvetsov <alexxy@gentoo.org> profiles/package.mask | 6 ------ 1 file changed, 6 deletions(-) |