Re: Please test slurm-llnl 2.3.4-2+deb7u1

To: Raphael Hertzog <hertzog@debian.org>, debian-lts@lists.debian.org, mehdi@debian.org, remi@rezib.org
Subject: Re: Please test slurm-llnl 2.3.4-2+deb7u1
From: Gennaro Oliva <oliva.g@na.icar.cnr.it>
Date: Thu, 27 Jul 2017 15:42:30 +0200
Message-id: <[🔎] 20170727134230.dmaq4odefmaygg7w@ischia>
In-reply-to: <20170420170449.ctpchtye5fmf4ocm@home.ouaza.com>
References: <20170420170449.ctpchtye5fmf4ocm@home.ouaza.com>

Hi Raphael,

I apologize for answering you so late.

On Thu, Apr 20, 2017 at 07:04:49PM +0200, Raphael Hertzog wrote:
> I prepared an updated version of slurm-llnl to fix CVE-2016-10030 which
> is a rather severe issue even if only applies to some rare cases (when there's
> a prolog script and when the attacker can make it fail).

Thank you very much for your work.

> Gennaro, Mehdi, Remi, maybe you know wheezy users of the package to ping?
> Or maybe you can test it quickly?

I finally had the time to investigate on how to exploit the
vulnerability and to test your patch to see if it solves the issue.

I can confirm that your patch works exactly as expected.

Best regards and thank you again for your valuable work
-- 
Gennaro Oliva

Reply to:

Prev by Date: Re: openssh_7.2p2+ availability for wheezy
Next by Date: Re: openssh_7.2p2+ availability for wheezy
Previous by thread: Re: openssh_7.2p2+ availability for wheezy
Next by thread: Wheezy update of freerdp?
Index(es):
- Date
- Thread