Bug details: https://bugzilla.redhat.com/show_bug.cgi?id=2140224
Information from BlockerBugs App:
Commented but haven't voted yet: geraldosimiao
The votes have been last counted at 2022-11-07 15:49 UTC and the last processed comment was #comment-824954
To learn how to vote, see: https://pagure.io/fedora-qa/blocker-review
A quick example: BetaBlocker +1 (where the tracker name is one of BetaBlocker/FinalBlocker/BetaFE/FinalFE/0Day/PreviousRelease and the vote is one of +1/0/-1)
FinalBlocker -1
Although the original build logs seem to be gone (at least, I could not figure out how to download them from koji), I did a local fedpkg mockbuild --no-cleanup-after and checked the generated config.h to confirm that HAVE_CRYPT is not defined, same as for RHEL. So the vulnerable code is not built.
Is Fedora even affected by this bug? I am asking because Ubuntu states [1] that "sudo packages in Ubuntu are compiled with PAM support, so the vulnerable code isn't part of the binaries."
I think the same is true for Fedora, see spec file [2].
A good one to talk about at today's Blocker Review Meeting.
We don't need to talk about it because the vulnerable code is not built.
Metadata Update from @blockerbot: - Issue status updated to: Closed (was: Open)
Release F37 is no longer tracked by BlockerBugs, closing this ticket.