Your message dated Tue, 11 Jan 2022 15:49:42 +0000
with message-id <[email protected]>
and subject line Bug#1003467: fixed in systemd 250.2-1
has caused the Debian Bug report #1003467,
regarding systemd: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1003467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003467
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: systemd
Version: 250.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/systemd/systemd/pull/22070
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 249.7-1
Control: found -1 247.3-6

Hi,

The following vulnerability was published for systemd.

CVE-2021-3997[0]:
| Uncontrolled recursion in systemd's systemd-tmpfiles

Note that the issue, while present before, is exploitable only after
upstream commit e535840, and as such can be ignored for buster and
older. For bullseye it would be ideal to get a fix (via a point
release?).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3997
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
[1] https://github.com/systemd/systemd/pull/22070
[2] https://www.openwall.com/lists/oss-security/2022/01/10/2

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 250.2-1
Done: Michael Biebl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jan 2022 12:58:15 +0100
Source: systemd
Architecture: source
Version: 250.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 1003467
Changes:
 systemd (250.2-1) unstable; urgency=medium
 .
   * New upstream version 250.2
     - shared/rm-rf: loop over nested directories instead of recursing.
       Fixes uncontrolled recursion in systemd-tmpfiles.
       (CVE-2021-3997, Closes: #1003467)
   * test: explicitly configure oomd stuff via dropins
   * autopkgtest: add systemd-oomd dependency to upstream test.
     We want systemd-oomd to be tested via the upstream provided
     TEST-55-OOMD.
   * Rebase patches
   * Upload to unstable

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
