[ubuntu/jammy-proposed] systemd 249.5-2ubuntu4 (Accepted)

Alex Murray alex.murray at canonical.com
Mon Jan 10 21:19:15 UTC 2022


systemd (249.5-2ubuntu4) jammy; urgency=medium

  * SECURITY UPDATE: systemd-tmpfiles could be made to crash.
    - d/p/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch:
      Backport upstream patch from PR#20173
    - d/p/rm-rf-optionally-fsync-after-removing-directory-tree.patch:
      Backport upstream patch required for CVE-2021-3997 patches
    - d/p/CVE-2021-3997-1.patch: Backport upstream patch to refactor
      rm_rf_children_inner()
    - d/p/CVE-2021-3997-2.patch: Backport upstream patch to refactor
      rm_rf()
    - d/p/CVE-2021-3997-3.patch: Backport upstream patch to loop over
      nested directories instead of using recursion
    - CVE-2021-3997

Date: Mon, 10 Jan 2022 10:56:19 +1030
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/systemd/249.5-2ubuntu4
-------------- next part --------------
Format: 1.8
Date: Mon, 10 Jan 2022 10:56:19 +1030
Source: systemd
Built-For-Profiles: noudeb
Architecture: source
Version: 249.5-2ubuntu4
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Changes:
 systemd (249.5-2ubuntu4) jammy; urgency=medium
 .
   * SECURITY UPDATE: systemd-tmpfiles could be made to crash.
     - d/p/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch:
       Backport upstream patch from PR#20173
     - d/p/rm-rf-optionally-fsync-after-removing-directory-tree.patch:
       Backport upstream patch required for CVE-2021-3997 patches
     - d/p/CVE-2021-3997-1.patch: Backport upstream patch to refactor
       rm_rf_children_inner()
     - d/p/CVE-2021-3997-2.patch: Backport upstream patch to refactor
       rm_rf()
     - d/p/CVE-2021-3997-3.patch: Backport upstream patch to loop over
       nested directories instead of using recursion
     - CVE-2021-3997
Checksums-Sha1:
 af3717442b2a5d5bb8ccfe477a1119563547d552 5304 systemd_249.5-2ubuntu4.dsc
 e15694f8f52d7f97dd7526fdce72565b16335f6c 224088 systemd_249.5-2ubuntu4.debian.tar.xz
 2504f74b0d49366797cbdbdd29bede4c98715d6d 10324 systemd_249.5-2ubuntu4_source.buildinfo
Checksums-Sha256:
 15957520efc4785df194804b02f001c717f3ef749a3f1e4a1131824b971b7153 5304 systemd_249.5-2ubuntu4.dsc
 224653be7dc1fb05d75ccdf5ae2ac80759e55cb3bca59be87c6d687ed4c7d25d 224088 systemd_249.5-2ubuntu4.debian.tar.xz
 3caa496544363383f70a5b86362fca5900d71658bcd00bc978d5b9443a3b07e7 10324 systemd_249.5-2ubuntu4_source.buildinfo
Files:
 7d33612b9c3cb213e05f720a2a99c8d5 5304 admin optional systemd_249.5-2ubuntu4.dsc
 d0b13c1862a19a7b07a4fbf38c933caa 224088 admin optional systemd_249.5-2ubuntu4.debian.tar.xz
 e8e63e0b01aa796f4b173196cce831e6 10324 admin optional systemd_249.5-2ubuntu4_source.buildinfo
Original-Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers at lists.alioth.debian.org>


More information about the jammy-changes mailing list