Bug 27885

Summary: pam new security issue CVE-2020-27780
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pam-1.3.1-5.mga8.src.rpm CVE:
Status comment:

Description David Walser 2020-12-20 17:29:18 CET 
Fedora has issued an advisory on December 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DXQ7FDHYLED67W25CECAG23E5F5V6LXK/

The issue was introduced in 1.5.0 and fixed in 1.5.1.

However, Fedora had to patch 1.3.1.  They caused the issue in their 1.3.1 package with the addition of pam-1.3.1-determinine-user-exists.patch, which was added after the last time I synced patches with them, so we are not affected.

Filing this bug to document that fact and make that clear.
Comment 1 David Walser 2020-12-20 17:29:36 CET 
Closing.

Status: NEW => RESOLVED
Resolution: (none) => INVALID