Debian Package Tracker

general

source: sssd (main)
version: 1.16.3-3.1
maintainer: Debian SSSD Team (archive) [DMD]
uploaders: Timo Aaltonen [DMD]
arch: any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.11.7-3
old-sec: 1.11.7-3+deb8u2
stable: 1.15.0-3
testing: 1.16.3-3.1
unstable: 1.16.3-3.1
exp: 1.16.4-1~exp1

versioned links

1.11.7-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.7-3+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.3-3.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.4-1~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libipa-hbac-dev
libipa-hbac0
libnss-sss
libpam-sss
libsss-certmap-dev
libsss-certmap0
libsss-idmap-dev
libsss-idmap0
libsss-nss-idmap-dev
libsss-nss-idmap0
libsss-simpleifp-dev
libsss-simpleifp0
libsss-sudo
libwbclient-sssd
libwbclient-sssd-dev
python-libipa-hbac
python-libsss-nss-idmap
python-sss
python3-libipa-hbac
python3-libsss-nss-idmap
python3-sss
sssd
sssd-ad
sssd-ad-common
sssd-common
sssd-dbus
sssd-ipa
sssd-kcm
sssd-krb5
sssd-krb5-common
sssd-ldap
sssd-proxy
sssd-tools

action needed

A new upstream version is available: 2.1.0 high

A new upstream version 2.1.0 is available, you should consider packaging it.

Created: 2018-08-23 Last update: 2019-04-23 03:46

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2019-02-24 Last update: 2019-04-23 02:47

5 security issues in stretch high

There are 5 open security issues in stretch.

4 important issues:

CVE-2017-12173: It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

1 issue skipped by the security teams:

CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

Please fix them.

Created: 2017-10-05 Last update: 2019-04-05 04:11

4 security issues in buster high

There are 4 open security issues in buster.

4 important issues:

CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

Please fix them.

Created: 2018-06-26 Last update: 2019-04-05 04:11

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-16883: sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

Please fix them.

Created: 2018-06-26 Last update: 2019-04-05 04:11

Multiarch hinter reports 19 issue(s) normal

There are issues with the multiarch metadata for this package.

libipa-hbac-dev could be marked Multi-Arch: same
libipa-hbac0 could be marked Multi-Arch: same
libsss-certmap-dev could be marked Multi-Arch: same
libsss-certmap0 could be marked Multi-Arch: same
libsss-idmap-dev could be marked Multi-Arch: same
libsss-idmap0 could be marked Multi-Arch: same
libsss-nss-idmap-dev could be marked Multi-Arch: same
libsss-nss-idmap0 could be marked Multi-Arch: same
libsss-simpleifp-dev could be marked Multi-Arch: same
libsss-simpleifp0 could be marked Multi-Arch: same
libwbclient-sssd could be marked Multi-Arch: same
libwbclient-sssd-dev could be marked Multi-Arch: same
python-libipa-hbac could be marked Multi-Arch: same
python-libsss-nss-idmap could be marked Multi-Arch: same
python3-libipa-hbac could be marked Multi-Arch: same
python3-libsss-nss-idmap could be marked Multi-Arch: same
sssd-ad could be marked Multi-Arch: same
sssd-krb5 could be marked Multi-Arch: same
sssd-ldap could be marked Multi-Arch: same

Created: 2019-02-25 Last update: 2019-04-23 09:36

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-04-20 Last update: 2019-04-23 09:30

Depends on packages which need a new maintainer normal

The packages that sssd depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl
libnfsidmap (#925022)
- Build-Depends: libnfsidmap-dev
- Depends: libnfsidmap2
docbook-xml (#802368)
- Build-Depends: docbook-xml
lsb (#924519)
- Build-Depends: lsb-release

Created: 2017-12-02 Last update: 2019-04-23 09:02

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-04-23 08:54

lintian reports 127 warnings normal

Lintian reports 127 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-04-07 Last update: 2019-04-07 07:41

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2015-5292: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Please fix it.

Created: 2015-10-05 Last update: 2019-04-05 04:11

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.3).

Created: 2018-04-16 Last update: 2019-02-24 18:03

news

[rss feed]

[2019-04-03] Accepted sssd 1.16.4-1~exp1 (source) into experimental (Timo Aaltonen)
[2019-03-06] sssd 1.16.3-3.1 MIGRATED to testing (Debian testing watch)
[2019-02-24] Accepted sssd 1.16.3-3.1 (source amd64) into unstable (Dominik George)
[2019-01-17] Accepted sssd 1.11.7-3+deb8u2 (source amd64) into oldstable (Mike Gabriel)
[2018-12-19] sssd 1.16.3-3 MIGRATED to testing (Debian testing watch)
[2018-12-02] Accepted sssd 1.16.3-3 (source) into unstable (Timo Aaltonen)
[2018-11-06] Accepted sssd 1.16.3-2 (source) into unstable (Timo Aaltonen)
[2018-08-27] sssd 1.16.3-1 MIGRATED to testing (Debian testing watch)
[2018-08-22] Accepted sssd 1.16.3-1 (source) into unstable (Timo Aaltonen)
[2018-07-16] Accepted sssd 1.11.7-3+deb8u1 (source) into oldstable (Brian May)
[2018-07-02] sssd 1.16.2-1 MIGRATED to testing (Debian testing watch)
[2018-06-27] Accepted sssd 1.16.2-1 (source) into unstable (Timo Aaltonen)
[2018-03-18] sssd 1.16.1-1 MIGRATED to testing (Debian testing watch)
[2018-03-13] Accepted sssd 1.16.1-1 (source) into unstable (Timo Aaltonen)
[2018-01-31] sssd 1.16.0-5 MIGRATED to testing (Debian testing watch)
[2018-01-26] Accepted sssd 1.16.0-5 (source) into unstable (Timo Aaltonen)
[2018-01-26] Accepted sssd 1.16.0-4 (source) into unstable (Timo Aaltonen)
[2018-01-04] Accepted sssd 1.16.0-3 (source) into unstable (Timo Aaltonen)
[2017-12-31] sssd 1.16.0-2 MIGRATED to testing (Debian testing watch)
[2017-12-25] Accepted sssd 1.16.0-2 (source) into unstable (Timo Aaltonen)
[2017-12-25] sssd 1.16.0-1 MIGRATED to testing (Debian testing watch)
[2017-12-20] Accepted sssd 1.16.0-1 (source) into unstable (Timo Aaltonen)
[2017-11-03] sssd 1.15.3-3 MIGRATED to testing (Debian testing watch)
[2017-10-29] Accepted sssd 1.15.3-3 (source) into unstable (Timo Aaltonen)
[2017-10-28] sssd 1.15.3-2 MIGRATED to testing (Debian testing watch)
[2017-10-27] sssd 1.15.3-2 MIGRATED to testing (Debian testing watch)
[2017-10-12] Accepted sssd 1.15.3-2 (source) into unstable (Timo Aaltonen)
[2017-08-23] sssd 1.15.3-1 MIGRATED to testing (Debian testing watch)
[2017-08-17] Accepted sssd 1.15.3-1 (source amd64) into unstable, unstable (Timo Aaltonen)
[2017-06-20] sssd 1.15.2-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 36
RC: 0
I&N: 34
M&W: 2
F&P: 0
patch: 1

links

homepage
lintian (0, 127)
buildd: logs, exp, clang, reproducibility, cross
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.16.3-3ubuntu1
20 bugs (1 patch)
patches for 1.16.3-3ubuntu1