Bugzilla – Full Text Bug Listing
Summary: | VUL-0: CVE-2021-32773: racket: incorrect code evaluation may lead to privileges escalation | | |
---|---|---|---|
Product: | [openSUSE] openSUSE Distribution | Reporter: | Gabriele Sonnu <gabriele.sonnu> |
Component: | Security | Assignee: | Fred Fu <moonsolo> |
Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
Severity: | Normal | | |
Priority: | P3 - Medium | CC: | mlin+factory, sbahling |
Version: | Leap 15.3 | | |
Target Milestone: | --- | | |
Hardware: | Other | | |
OS: | Other | | |
URL: | https://smash.suse.de/issue/304611/ | | |
Whiteboard: | | | |
Found By: | Security Response Team | Services Priority: | |
Business Priority: | | Blocker: | --- |
Marketing QA Status: | --- | IT Deployment: | --- |
Description
Gabriele Sonnu
2021-12-17 16:03:51 UTC
Affected packages:
- openSUSE:Backports:SLE-15-SP2/racket 7.3
- openSUSE:Backports:SLE-15-SP3/racket 7.3

Please update them to a non-vulnerable version (>= 8.2).

The devel/misc/racket has been upgraded to 8.3. The TW racket package has been brought up to date as well. But it looks like https://build.opensuse.org/package/show/openSUSE:Backports:SLE-15-SP2/racket is maintained by different people. After having a quick look, they don't have a history of receiving requests. How should we proceed? Maybe cc them?

I added Max Lin as he recently upgraded racket for openSUSE:Backports:SLE-15-SP4 [0].

[0] https://build.opensuse.org/request/show/938464

Security updates should be submitted against openSUSE:Backports:SLE-15-SP2:Update (please use "obs sm racket" to show the valid current targets).