Bug#1002540: marked as done (condor: CVE-2021-45101)

[Debian Bug Tracking System]

Your message dated Fri, 05 Jan 2024 13:00:12 +0000
with message-id <e1rljo4-003ncp...@fasolo.debian.org>
and subject line Bug#1002540: fixed in condor 23.2.0+dfsg-1
has caused the Debian Bug report #1002540,
regarding condor: CVE-2021-45101
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1002540: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002540
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: condor
Version: 8.6.8~dfsg.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for condor.

CVE-2021-45101[0]:
| An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4,
| and 9.1.x before 9.1.2. Using standard command-line tools, a user with
| only READ access to an HTCondor SchedD or Collector daemon can
| discover secrets that could allow them to control other users' jobs
| and/or read their data.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45101
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45101
[1] 
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
[2] 
https://github.com/htcondor/htcondor/8b311dee6dee6be518e65381e020fb74848b552b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: condor
Source-Version: 23.2.0+dfsg-1
Done: Tim Theisen <t...@cs.wisc.edu>

We believe that the bug you reported is fixed in the latest version of
condor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1002...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tim Theisen <t...@cs.wisc.edu> (supplier of updated condor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Dec 2023 20:30:00 -0600
Source: condor
Binary: condor condor-annex-ec2 condor-dbgsym condor-dev condor-doc condor-kbdd 
condor-kbdd-dbgsym condor-test condor-test-dbgsym condor-upgrade-checks 
condor-vm-gahp condor-vm-gahp-dbgsym htcondor htcondor-annex-ec2 htcondor-dev 
htcondor-doc htcondor-test htcondor-upgrade-checks minicondor minihtcondor
Architecture: source amd64 all
Version: 23.2.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HPC Team <debian-...@lists.debian.org>
Changed-By: Tim Theisen <t...@cs.wisc.edu>
Description:
 condor     - distributed workload management system
 condor-annex-ec2 - distributed workload management system - single node 
configuratio
 condor-dev - distributed workload management system - development files
 condor-doc - distributed workload management system - documentation
 condor-kbdd - distributed workload management system - single node configuratio
 condor-test - distributed workload management system - single node configuratio
 condor-upgrade-checks - distributed workload management system - single node 
configuratio
 condor-vm-gahp - distributed workload management system - single node 
configuratio
 htcondor   - transitional dummy package
 htcondor-annex-ec2 - transitional dummy package
 htcondor-dev - transitional dummy package
 htcondor-doc - transitional dummy package
 htcondor-test - transitional dummy package
 htcondor-upgrade-checks - transitional dummy package
 minicondor - distributed workload management system - single node configuratio
 minihtcondor - transitional dummy package
Closes: 671467 790545 925657 936323 963777 966726 982050 995838 1000130 1002540 
1008634 1020692
Changes:
 condor (23.2.0+dfsg-1) unstable; urgency=medium
 .
   [ Tim Theisen ]
   * Add backward compatible overrides for old lintian used by ftp-masters
   * new upstream feature release (Closes: #982050, #995838, #1020692)
   * Fixes for CVE-2019-18823 (Closes: #963777)
   * Fixes for CVE-2021-25311
   * Fixes for CVE-2021-25312
   * Fixes for CVE-2021-45101 (Closes: #1002540)
   * Fixes for CVE-2021-45102
   * Fixes for CVE-2021-45103
   * Fixes for CVE-2021-45104
   * Fixes for CVE-2022-26110 (Closes: #1008634)
   * Builds with GCC 12 (Closes: #925657)
   * Python bindings for Python 3 (Closes: #790545, #936323, #966726)
   * Port to libpcre2 (Closes: #1000130)
   * Remove globus support (upstream change) (Closes: #671467)
   * add minihtcondor package
   * add htcondor-annex-ec2 package
   * restore openstack_gahp sources
   * Squash lintian errors and warnings
   * Too many to mention see online documentation:
     - https://htcondor.readthedocs.io/en/23.x/version-history/index.html
 .
   [ Alex Waite ]
   * new upstream stable release (update to latest 8.8 stable series)
     - new tool: 'condor_now' - run a job right now by swapping it with another
       specified running job.
     - now tracks and reports GPU Usage and GPU memory usage
     - new grid type 'azure'
     - support for user and daemon authentication using the MUNGE service
     - fixed a memory leak in SSL authentication
     - Reduced encrypted file transfer CPU usage by a factor of six
     - HTCondor can now recognize nVidia Volta and Turing GPUs
   * drop numerous patches (thanks to Tim Theisen's upstreaming efforts!)
   * retire init.d scripts
   * fix assorted lintian errors
 .
   [ Andreas Tille ]
   * cme fix dpkg-control:
      - Point Vcs-fields to Salsa
      - Priotity: optional
      - Drop unneeded versions from dependencies
   * Fix watch file
   * Maintain Files-Excluded
   * debhelper-compat 13 (routine-update)
   * Remove trailing whitespace in debian/control (routine-update)
   * Add salsa-ci file (routine-update)
   * Rules-Requires-Root: no (routine-update)
   * Trim trailing whitespace.
   * Transition to automatic debug package (from: htcondor-dbg).
   * Use secure URI in Homepage field.
   * Apply multi-arch hints.
     + htcondor-doc: Add Multi-Arch: foreign.
   * Fix clean target
   * Add missing build dependency on dh addon.
   * Build-Depends: libscitokens-dev, libsqlite3-dev, libglobus-gss-assist-dev
   * Build-Depends: python3-sphinx-autodoc-typehints, python3-nbsphinx
   * Standards-Version: 4.6.1 (routine-update)
   * Fix some issues via `cme fix dpkg-control`
   * Fix VCS fields
   * Build-Depends: rapidjson-dev
   * Enable hardening options
   * Drop windows binaries from upstream source
   * Avoid privacy breach by bootstrap and jquery links
   * Set upstream metadata fields: Repository-Browse.
   * Remove field Section on binary packages htcondor-annex-ec2, minihtcondor
     that duplicates source.
   * Enforce bash as interpreter if bash syntax is used
   * Enable binNMUs
   * Drop unneeded debian/htcondor.conffiles
   * Lintian-overrides
   * Team maintenance by Debian HPC Team <debian-...@lists.debian.org>
   * Remove /etc/rc.d/init.d/glite-ce-blah-parser from htcondor package
   * https in watch file
   * Remove manual creation of trigger
   * Move bash_completion to correct dir
   * Remove debian/htcondor.templates
   * watch file reports only even numbered minor versions
Checksums-Sha1:
 441c8cbe36c66d8435aaea728eb466bcf2567043 3464 condor_23.2.0+dfsg-1.dsc
 ab27ffc4235ebe101a854d10db048cf7414ace04 8104368 condor_23.2.0+dfsg.orig.tar.xz
 42431bf9bf9cf4a5c790335909eca815da3212fb 24940 
condor_23.2.0+dfsg-1.debian.tar.xz
 614072a3428d87930bf8c806cdf8629cc07723dd 13916 
condor-annex-ec2_23.2.0+dfsg-1_amd64.deb
 deedc40f5d00b0f661fb5b7238c50a5f59335595 108380588 
condor-dbgsym_23.2.0+dfsg-1_amd64.deb
 42c06ece3f87c3b085a1dbee88eddb6ed209304b 669564 
condor-dev_23.2.0+dfsg-1_amd64.deb
 7eb8517936ca5fc1b2655d574332569bebbdf4c1 75200 condor-doc_23.2.0+dfsg-1_all.deb
 5ccfbd8f7b6a46f0b66da99e5e929f2f461522bc 383980 
condor-kbdd-dbgsym_23.2.0+dfsg-1_amd64.deb
 a96c4f05d9d9d86aedf45e22a6512de7462e915c 17096 
condor-kbdd_23.2.0+dfsg-1_amd64.deb
 4aaeb6183dc9518812297714a09581d71384005e 409864 
condor-test-dbgsym_23.2.0+dfsg-1_amd64.deb
 f717a62acb174476b3aa2d510f133fe89f5005de 28908 
condor-test_23.2.0+dfsg-1_amd64.deb
 6caa446944e72e34c3a0504799b48b4259c7b1cb 16880 
condor-upgrade-checks_23.2.0+dfsg-1_all.deb
 949274049a4f7f0c23eff0cf3c78c1d9bd0a8b8a 999132 
condor-vm-gahp-dbgsym_23.2.0+dfsg-1_amd64.deb
 423197f5380c36da7b6f4e2d84c8d5781a4413d3 66560 
condor-vm-gahp_23.2.0+dfsg-1_amd64.deb
 b24887017016ecd68d13e409e14b2e7e69123303 21180 
condor_23.2.0+dfsg-1_amd64.buildinfo
 7517a6b0fd371fc0fc30e868b99c200b8bca79b0 8683060 condor_23.2.0+dfsg-1_amd64.deb
 cd76a810d02bb267d2a756e43deb098ea9a037c5 8232 
htcondor-annex-ec2_23.2.0+dfsg-1_amd64.deb
 4af9a860c6c6cc3347f1dabb31d5677b8e5d8e65 8216 
htcondor-dev_23.2.0+dfsg-1_amd64.deb
 cd7e85babceb982579dbf1a7759718ab77471058 8228 
htcondor-doc_23.2.0+dfsg-1_all.deb
 f9637fb72da93836bdf116138e671751adf7e17f 8220 
htcondor-test_23.2.0+dfsg-1_amd64.deb
 011b848cbed5139d6c310d1d7050d8564fea103b 8240 
htcondor-upgrade-checks_23.2.0+dfsg-1_all.deb
 2197bbf576d252f1d9860a3c63f8c2ac706dec72 8204 htcondor_23.2.0+dfsg-1_amd64.deb
 4ddd7eac5eaf8484c7e3d8061c30cbf2eed1c8bc 10556 
minicondor_23.2.0+dfsg-1_amd64.deb
 22c9ef6222e265f1970b8dccc61511db1caca366 8220 
minihtcondor_23.2.0+dfsg-1_amd64.deb
Checksums-Sha256:
 51fc4c2bb6a444c5ddb0813d8ec4eb09a9df0cd1943d24c0e59a37378ab96113 3464 
condor_23.2.0+dfsg-1.dsc
 5c1c1fa40739b1d782c9bb726e0a7c792c098b515ec3296e83b94e3916a9dd49 8104368 
condor_23.2.0+dfsg.orig.tar.xz
 4e947d1ab80681e8caa267a4a25df2f9ead115baf34218878461507b103483ff 24940 
condor_23.2.0+dfsg-1.debian.tar.xz
 35e9e0c796a97990b1a39a04841cfb8a7743b67bda444cf92cfe14efd407d789 13916 
condor-annex-ec2_23.2.0+dfsg-1_amd64.deb
 62e5869eef0618e372d04ea5d2824813adc6b85add1f2b4ab375cf5eb247359c 108380588 
condor-dbgsym_23.2.0+dfsg-1_amd64.deb
 1d0b9d5c2f7e2ee49aea7d0563970d1db8613c30247e2e24af10ea7764d71540 669564 
condor-dev_23.2.0+dfsg-1_amd64.deb
 433aece387c6d8238b4b5100bb6c224b7e6660557653a81ac5f5511925d563c3 75200 
condor-doc_23.2.0+dfsg-1_all.deb
 431c6192b6f65fb80133a13e9a8b37f80633230bd09edf630c35fc9285991dc2 383980 
condor-kbdd-dbgsym_23.2.0+dfsg-1_amd64.deb
 712e76206515a5c7ee43ee6d81e9208f5cf9a67ce869b31b1dd5b36a05aaeadd 17096 
condor-kbdd_23.2.0+dfsg-1_amd64.deb
 168e3fa577d9e49b91ac47fe038c8e349d28430784f0a3f9897e2bcff3d99c58 409864 
condor-test-dbgsym_23.2.0+dfsg-1_amd64.deb
 402e87d6636996b372fefd41d44d61e1c5218d8d0893900a5fd8c47a9831d154 28908 
condor-test_23.2.0+dfsg-1_amd64.deb
 51fb3544a60338a3d99954e19d3e6ea85338474f7bbc96965f826414f0d33925 16880 
condor-upgrade-checks_23.2.0+dfsg-1_all.deb
 81c21b8d7f7e2a53ec5cecc4ef0b8625979a4803a65cc5fb403a381c6889054c 999132 
condor-vm-gahp-dbgsym_23.2.0+dfsg-1_amd64.deb
 d76ca0c6b46fe7853cd4bca591bfd3db1191de891a19fad873c5220cf93c7ee6 66560 
condor-vm-gahp_23.2.0+dfsg-1_amd64.deb
 fd3cbf3c86e6c66985514d9b1ec49a55bb72f240f67a2cd3af1d8f92bb1266d9 21180 
condor_23.2.0+dfsg-1_amd64.buildinfo
 091760f866d4d9db3312cf3528bfffb270b03161bf78532ef66ca86885aa7313 8683060 
condor_23.2.0+dfsg-1_amd64.deb
 178c798dccd3137975496d8e8c5f2794677820f0092f884b022846f2527c297f 8232 
htcondor-annex-ec2_23.2.0+dfsg-1_amd64.deb
 a6b3784a4a5ebc154ea7e876e51e287c8343bf6bc7819aece490fa72a5cfc5b7 8216 
htcondor-dev_23.2.0+dfsg-1_amd64.deb
 ab8030a873412fd1f36607424e7402d82f0938801ffd1238813327cf68fa44ea 8228 
htcondor-doc_23.2.0+dfsg-1_all.deb
 960d91dded35e5e065f1d3996dd32c9a4f32302efef247e251987d3dc48bfa64 8220 
htcondor-test_23.2.0+dfsg-1_amd64.deb
 ad8016cb2689d26658e7e8437185fb0c0c59f151c2aea2053534784e87a23cd0 8240 
htcondor-upgrade-checks_23.2.0+dfsg-1_all.deb
 3d2e76fc4943c0f24f2a401eab78a7956afd5a7e058756dbc7c6424ad07d5aac 8204 
htcondor_23.2.0+dfsg-1_amd64.deb
 80cdbd685b301a1a7821bebc839fa331727efa84b7f7dc37e0971ead4765d0d9 10556 
minicondor_23.2.0+dfsg-1_amd64.deb
 716f7d94e2b2a5919e6541efabf98997a03d4c24251d6457e7da7c004872c377 8220 
minihtcondor_23.2.0+dfsg-1_amd64.deb
Files:
 6ee2f7896bb13c66d395be5f0c776a41 3464 science optional condor_23.2.0+dfsg-1.dsc
 b123ed2eb54d564d7a2962250fedf44a 8104368 science optional 
condor_23.2.0+dfsg.orig.tar.xz
 8e38c3f07abd59a21ebec0429d960d75 24940 science optional 
condor_23.2.0+dfsg-1.debian.tar.xz
 fe134a65fe3e2902048f6ad249a01daa 13916 science optional 
condor-annex-ec2_23.2.0+dfsg-1_amd64.deb
 1f0707a8c0144a82a79d59952c1832db 108380588 debug optional 
condor-dbgsym_23.2.0+dfsg-1_amd64.deb
 5eebf352d1c1c883c08db5ec5ccbd0e8 669564 libdevel optional 
condor-dev_23.2.0+dfsg-1_amd64.deb
 50040385d63d3bae6392c389d517e208 75200 doc optional 
condor-doc_23.2.0+dfsg-1_all.deb
 d836b341ea894d9b0b799e17c65d8717 383980 debug optional 
condor-kbdd-dbgsym_23.2.0+dfsg-1_amd64.deb
 7a259c1d560acc2b62dbae7ac67314f2 17096 science optional 
condor-kbdd_23.2.0+dfsg-1_amd64.deb
 18212f9c184759ecbda5dde9cc205b28 409864 debug optional 
condor-test-dbgsym_23.2.0+dfsg-1_amd64.deb
 d03c736c4edcdb9e2f234ecdc6066f20 28908 science optional 
condor-test_23.2.0+dfsg-1_amd64.deb
 e346aed74d7b0650661aa760d5477369 16880 science optional 
condor-upgrade-checks_23.2.0+dfsg-1_all.deb
 fa01992f67addcf4659aac3f80f93285 999132 debug optional 
condor-vm-gahp-dbgsym_23.2.0+dfsg-1_amd64.deb
 edb8368e08b972a5a33251c281034979 66560 science optional 
condor-vm-gahp_23.2.0+dfsg-1_amd64.deb
 4997c7f2c11b1f105981cc3129e28751 21180 science optional 
condor_23.2.0+dfsg-1_amd64.buildinfo
 fadeee7fc6349df35976be609d8b628f 8683060 science optional 
condor_23.2.0+dfsg-1_amd64.deb
 ca1bc14ef385765996ee8fed2853cc9c 8232 science optional 
htcondor-annex-ec2_23.2.0+dfsg-1_amd64.deb
 a6712609d132179a86ec6c20242ea138 8216 science optional 
htcondor-dev_23.2.0+dfsg-1_amd64.deb
 b9518d99d0a52c137e6f7641197b2c0f 8228 science optional 
htcondor-doc_23.2.0+dfsg-1_all.deb
 cc125467343c07c4f98747568576f339 8220 science optional 
htcondor-test_23.2.0+dfsg-1_amd64.deb
 76f5a84ba6b832898dba548a371d8e92 8240 science optional 
htcondor-upgrade-checks_23.2.0+dfsg-1_all.deb
 f030c9684f8814914679458106d70333 8204 science optional 
htcondor_23.2.0+dfsg-1_amd64.deb
 ba4dfa1d830787ca3f7d955ff5a730a2 10556 science optional 
minicondor_23.2.0+dfsg-1_amd64.deb
 4eb83a0f8f88016224aaa1ae3d1c6804 8220 science optional 
minihtcondor_23.2.0+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmWXzWwRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtHpaw/8DMLKERhoofWiA6VrCqAvcBJeF2Q2jV83
4NLY5MqmXZ4+0p49WcuK6WK1NuxNbOCppHBAGVEmrYm0+tYLn+N29Dt8OlQr8LMG
8qmRHNUOmSKoiCVz7VW7B2rttUh6g09xaQzi0sRf43+jq9xF5yfWV+5YeySerjQ5
PpuEByKq3jQzFI88VtBwQT/OBPkB8V1i5Ycc0+5WwNHQOEIRlwcD9F6hgySC+tld
7A4szCmE6ypjB3ysG78e/ecpaWY1RPdOuB9F+ormumgCtRLQN15ZnqTrC/GGJ+Tg
WmQ+0nW6BLJwI35NuOld4e15ntR/In2qZLtLsxjl5tpdHRam8G1zewm9MgSlAL67
N4gJGcQT0FirvhA5WZ73m+nnTvv2pLZALEBWvDgetNKbNXUcGUndw7itTvYPygcP
anDOys0tNn7BGXOISgAO9FTSBWU1sYn+04/omyBiP9fXT6LpXm2MbQPzg9OwwqtQ
9bVEyUTQA6JibW5IhicdY29vngw7WeEvcVn9Pic5FEfjSMVWawB0sOkX+EdpLoF6
XdGGMaRgox8O3WBLeZI1R9MGF2Ccq2DAm64mZJnXQoTt1XCHPvzy8J3tt6JCEkhc
XVaP8TjXykRbap2zUE0U8eRvLkRQToebAPir4p+x51eHqo/1xk2Eeujb3NwQHKPq
gbqgO/gmtj0=
=Rmdf
-----END PGP SIGNATURE-----

--- End Message ---