16565197393
22%
master: 81%

Ran 28 Jul 2025 09:32AM UTC

Jobs 3

Files 1129

Run time 4min

Badge

Embed ▾

Committed 28 Jul 2025 09:08AM UTC coverage: 64.234% (-11.7%) from 75.964%

Build # 16565197393

Build Type

Pull #2619

github

Committed by

mvidner

Commit Message

update pam crate not to use a vulnerable users dependency (bsc#1244200, CVE-2025-5791)

users crate has a vulnerability where it will wrongly claim that a user
is present in the root group.
Agama had the users crate as a dependency, pulled in by the pam crate.

Agama is using pam only for root user authentication, so the vulnerability was not affecting it
https://github.com/agama-project/agama/blob/06c86349b/rust/agama-server/src/web/http.rs#L78

pam has merged a fix for this already, but not released it on crates.io: https://github.com/1wilkens/pam/pull/39 (The fix is from 2023-12 but the latest release was in 2023-11)

Pull Request Pull Request #2619: update pam crate not to use a vulnerable users dependency (bsc#1244200, CVE-2025-5791)

Coverage Stats

2135 of 3884 branches covered (54.97%)

Branch coverage included in aggregate %.

24838 of 38108 relevant lines covered (65.18%)

49.14 hits per line

Subprojects

ID	Flag name	Job ID	Ran	Files	Coverage
1	rust	16565197393.1	28 Jul 2025 09:32AM UTC	182	21.98	GitHub Action Run
3	web	16531030900.3	25 Jul 2025 08:33PM UTC	558	68.06	GitHub Action Run
3	service	16508168119.3	24 Jul 2025 09:28PM UTC	389	88.51	GitHub Action Run

agama-project / agama / 16565197393
22%
master: 81%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Subprojects

Source Files on build 16565197393

agama-project / agama / 16565197393 22% master: 81%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Subprojects

Source Files on build 16565197393

agama-project / agama / 16565197393
22%
master: 81%

README BADGES
x