Your message dated Sat, 17 Apr 2021 19:17:08 +0000
with message-id <e1lxqri-00020k...@fasolo.debian.org>
and subject line Bug#950761: fixed in ipmitool 1.8.18-6+deb10u1
has caused the Debian Bug report #950761,
regarding ipmitool: CVE-2020-5208
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
950761: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950761
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ipmitool
Version: 1.8.18-8
Severity: important
Tags: security upstream
Control: found -1 1.8.18-6
Control: found -1 1.8.18-3

Hi,

The following vulnerability was published for ipmitool.

CVE-2020-5208[0]:
| It's been found that multiple functions in ipmitool before 1.8.19
| neglect proper checking of the data received from a remote LAN party,
| which may lead to buffer overflows and potentially to remote code
| execution on the ipmitool side. This is especially dangerous if
| ipmitool is run as a privileged user. This problem is fixed in version
| 1.8.19.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-5208
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5208
[1] https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
[2] https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ipmitool
Source-Version: 1.8.18-6+deb10u1
Done: Thomas Goirand <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ipmitool, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 950...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated ipmitool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 19 Feb 2021 11:30:06 +0100
Source: ipmitool
Architecture: source
Version: 1.8.18-6+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Jörg Frings-Fürst <debian@jff.email>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 950761
Changes:
 ipmitool (1.8.18-6+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2020-5208: buffer overflows and potentially to remote code execution.
     Applied upstream patches:
     - CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
     - CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
     - CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
     - CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
     - CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
     - CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch
     (Closes: #950761).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
