Source: systemd Version: 250.1-2 Severity: important Tags: security upstream Forwarded: https://github.com/systemd/systemd/pull/22070 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 249.7-1 Control: found -1 247.3-6
Hi, The following vulnerability was published for systemd. CVE-2021-3997[0]: | Uncontrolled recursion in systemd's systemd-tmpfiles Note while the issue while present before is exploitable only after upstream commit e535840, and as such can be ignored for buster and older. For bullseye it would be ideal to get a fix (via a point release?). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3997 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997 [1] https://github.com/systemd/systemd/pull/22070 [2] https://www.openwall.com/lists/oss-security/2022/01/10/2 Regards, Salvatore
