27885 – pam new security issue CVE-2020-27780

Bug 27885 - pam new security issue CVE-2020-27780

Summary: pam new security issue CVE-2020-27780

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-12-20 17:29 CET by David Walser
Modified:	2020-12-20 17:29 CET (History)
CC List:	0 users

See Also:
Source RPM:	pam-1.3.1-5.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-12-20 17:29:18 CET

Fedora has issued an advisory on December 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DXQ7FDHYLED67W25CECAG23E5F5V6LXK/

The issue was introduced in 1.5.0 and fixed in 1.5.1.

However, Fedora had to patch 1.3.1.  They caused the issue in their 1.3.1 package with the addition of pam-1.3.1-determinine-user-exists.patch, which was added after the last time I synced patches with them, so we are not affected.

Filing this bug to document that fact and make that clear.

Comment 1 David Walser 2020-12-20 17:29:36 CET

Closing.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.