Skip to content
This repository was archived by the owner on Sep 24, 2020. It is now read-only.

Comments

pam-systemd: use secure_getenv() rather than getenv()#118

Merged
bgilbert merged 1 commit intocoreos:v241-coreosfrom
bgilbert:v241-coreos
Aug 8, 2019
Merged

pam-systemd: use secure_getenv() rather than getenv()#118
bgilbert merged 1 commit intocoreos:v241-coreosfrom
bgilbert:v241-coreos

Conversation

@bgilbert
Copy link

@bgilbert bgilbert commented Aug 8, 2019

Fixes CVE-2019-3842.

@poettering @bgilbert
pam-systemd: use secure_getenv() rather than getenv()
f269b01 
And explain why in a comment.

(cherry picked from commit 83d4ab5)
arithx
arithx approved these changes Aug 8, 2019
View reviewed changes
Copy link

@arithx arithx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bgilbert bgilbert merged commit 7495802 into coreos:v241-coreos Aug 8, 2019
@bgilbert bgilbert deleted the v241-coreos branch August 8, 2019 00:32
dongsupark pushed a commit to flatcar-archive/coreos-overlay that referenced this pull request Aug 8, 2019
sys-apps/systemd: use secure_getenv rather than getenv
b278c5d 
Apply the patch "pam-systemd: use secure_getenv() rather than getenv()"
kinvolk-archives/systemd-legacy@7495802,
to the v241-flatcar branch of `flatcar-linux/systemd`, and update
`CROS_WORKON_COMMIT` to the latest commit of v241-flatcar branch.

Fixes CVE-2019-3842.
See also coreos/systemd#118
@dongsupark dongsupark mentioned this pull request Aug 8, 2019
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@arithx arithx arithx approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bgilbert @arithx @poettering