Bug 27405

Summary: pam-python new security issue CVE-2019-16729
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Dan Fandrich <dan>
Status: RESOLVED INVALID
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: zombie_ryushu
Version: 7
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: pam-python-1.0.6-3.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2020-10-13 18:27:25 CEST
Ubuntu has issued an advisory on September 28:
https://ubuntu.com/security/notices/USN-4552-1

The issue is fixed upstream in 1.0.7.

Dan updated this in Cauldron but forgot to file a bug!

Comment 1 Dan Fandrich 2020-10-13 20:06:16 CEST
Sorry; I had my head down fixing autobuild problems and forgot. I'll take care of getting this into mga7.

Status: NEW => ASSIGNED

Comment 2 Dan Fandrich 2020-10-13 22:02:08 CEST
I looked at the upstream change to fix this issue and found that we already include the relevant line (in load_user_module) in 1.0.6 via the -fedora patchset. So, it looks like Mageia is not vulnerable to this in either mga7 or Cauldron, which is probably why I didn't open a bug. :-)

Status: ASSIGNED => RESOLVED
Resolution: (none) => INVALID

Comment 3 David Walser 2020-12-06 17:29:43 CET
*** Bug 27762 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu