Re: Please test slurm-llnl 2.3.4-2+deb7u1
Hi Raphael,
I apologize for answering you so late.
On Thu, Apr 20, 2017 at 07:04:49PM +0200, Raphael Hertzog wrote:
> I prepared an updated version of slurm-llnl to fix CVE-2016-10030 which
> is a rather severe issue even if only applies to some rare cases (when there's
> a prolog script and when the attacker can make it fail).
Thank you very much for your work.
> Gennaro, Mehdi, Remi, maybe you know wheezy users of the package to ping?
> Or maybe you can test it quickly?
I finally had the time to investigate on how to exploit the
vulnerability and to test your patch to see if it solves the issue.
I can confirm that your patch works exactly as expected.
Best regards and thank you again for your valuable work
--
Gennaro Oliva
Reply to: