[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please test slurm-llnl 2.3.4-2+deb7u1

Hi Raphael,

I apologize for answering you so late.

On Thu, Apr 20, 2017 at 07:04:49PM +0200, Raphael Hertzog wrote:
> I prepared an updated version of slurm-llnl to fix CVE-2016-10030 which
> is a rather severe issue even if only applies to some rare cases (when there's
> a prolog script and when the attacker can make it fail).

Thank you very much for your work.

> Gennaro, Mehdi, Remi, maybe you know wheezy users of the package to ping?
> Or maybe you can test it quickly?

I finally had the time to investigate on how to exploit the
vulnerability and to test your patch to see if it solves the issue.

I can confirm that your patch works exactly as expected.

Best regards and thank you again for your valuable work
Gennaro Oliva

Reply to: