Back to bug 1964125

Who When What Removed Added
Mauro Matteo Cascella 2021-06-09 09:27:09 UTC CC security-response-team
Comment 0 updated
CC pmatilai
Depends On 1969803, 1969802, 1969801
Mauro Matteo Cascella 2021-06-28 17:58:52 UTC Depends On 1971282
Doc Text A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Mauro Matteo Cascella 2021-06-30 15:05:24 UTC Summary EMBARGOED rpm: TOCTOU race in checks for unsafe symlinks → EMBARGOED CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks
Alias CVE-2021-35937
Blocks 1977373
Group security, qe_staff
CC caswilli, ffesti, igor.raits, mjw, packaging-team-maint, pmoravco, vmukhame
Summary EMBARGOED CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks → CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks
Mauro Matteo Cascella 2021-06-30 15:21:33 UTC Depends On 1977846
Mauro Matteo Cascella 2021-07-08 10:21:20 UTC Comment 5 updated
Tomas Hoger 2021-09-16 08:36:45 UTC Depends On 2003065
Tomas Hoger 2022-04-06 11:57:55 UTC Depends On 2070454
Samantha N. Bueno 2022-05-12 03:51:11 UTC CC sbueno
Srikanth Balasubramanian 2022-05-12 07:54:33 UTC CC sbalasub
John Helmert III 2022-08-26 16:06:55 UTC CC ajak
Igor Raits 2022-08-30 12:14:15 UTC CC igor.raits
Mark Wielaard 2023-01-25 12:31:35 UTC CC mjw
Derrick 2023-05-09 19:44:54 UTC CC derrick.roach.ctr
Manish Dogra 2023-06-09 15:43:00 UTC CC mdogra
Red Hat Bugzilla 2023-07-07 08:27:54 UTC Assignee security-response-team → nobody
CC security-response-team