Summary: | <sys-apps/shadow-4.13-r3: passwd file manipulation via chfn | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Vetter <jubalh> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | base-system |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/30644 | ||
Whiteboard: | A4 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 904520 | ||
Bug Blocks: |
Description
Michael Vetter
2023-04-18 16:04:57 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f00fc3d1955bec0b229a0a4e5affc3080f4554fd commit f00fc3d1955bec0b229a0a4e5affc3080f4554fd Author: Michael Vetter <jubalh@iodoru.org> AuthorDate: 2023-04-18 16:01:40 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2023-04-18 16:33:34 +0000 sys-apps/shadow: fix CVE-2023-29383 See: https://nvd.nist.gov/vuln/detail/CVE-2023-29383 Bug: https://bugs.gentoo.org/904518 Signed-off-by: Michael Vetter <jubalh@iodoru.org> Closes: https://github.com/gentoo/gentoo/pull/30644 Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../shadow/files/shadow-4.13-CVE-2023-29383.patch | 100 ++++++++ sys-apps/shadow/shadow-4.13-r3.ebuild | 264 +++++++++++++++++++++ 2 files changed, 364 insertions(+) Thanks! Please cleanup Cleanup done. I'm faily certain this bug can be closed. It was fixed in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f00fc3d1955b and the ebuild for sys-apps/shadow-4.13-r3 was removed in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46c3163eef63 Security bugs have a process beyond that where we decide to GLSA or not. Understood. I'll avoid suggesting closing security bugs going forward unless it hasn't be closed after a glsa has been made. :) |