On Thu, Jan 05, 2012 at 02:43:22PM -0500, Dominique Belhachemi wrote:
There is a long email thread on upstream's mailing list and I am not sure
if we can update to 2.5.
http://www.supercluster.org/pipermail/torquedev/2011-January/003342.html
Sure, but
On Wed, Dec 28, 2011 at 08:21:50PM +0100, Jordi Mallach wrote:
On Wed, Dec 28, 2011 at 07:30:10PM +0100, Moritz Mühlenhoff wrote:
CVE_2011_2193 was fixed in DSA 2329.
The second issue, CVE-2011-2907, is still unfixed in stable.
My read of the Bugzilla log was that Redhat didn't actually
Hey,
On Thu, Jan 05, 2012 at 07:42:54PM +0100, Moritz Mühlenhoff wrote:
Even so, Munge appears to require distributing auth tokens, keys or
whatever before a munge-enabled cluster is operational, so this is quite a
change for a DSA, not to mention the version bump if we went that route.
There is a long email thread on upstream's mailing list and I am not sure
if we can update to 2.5.
http://www.supercluster.org/pipermail/torquedev/2011-January/003342.html
Let's see what people on debian-legal are thinking.
http://lists.debian.org/debian-legal/2012/01/msg00030.html
Thanks
On Tue, Oct 11, 2011 at 21:27:08 +0200, Moritz Mühlenhoff wrote:
On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote:
On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
I have prepared a
On Wed, Dec 28, 2011 at 03:22:51PM +0100, Julien Cristau wrote:
torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low
[ Jordi Mallach ]
* [CVE_2011_2193]: Fix two potential buffer overflows:
jobid length and hostname length weren't properly checked,
and these
On Wed, Dec 28, 2011 at 07:30:10PM +0100, Moritz Mühlenhoff wrote:
CVE_2011_2193 was fixed in DSA 2329.
The second issue, CVE-2011-2907, is still unfixed in stable.
My read of the Bugzilla log was that Redhat didn't actually fix the
issue, but provided a workaround, by enabling Munge support.
On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote:
On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
I have prepared a package in SVN which is ready for upload. Before doing
so, Moritz, can
On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
I have prepared a package in SVN which is ready for upload. Before doing
so, Moritz, can you look at this additional patch I found in the 2.4 SVN
branch?
Hi!
On Mon, Jul 25, 2011 at 09:10:09PM -0400, Dominique Belhachemi wrote:
Thanks for finding the security issue. We are working on a solution.
Jordi, can you help out with the squeeze fix and upload? I think you
have done those things before, right?
I have prepared a package in SVN which is
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
I have prepared a package in SVN which is ready for upload. Before doing
so, Moritz, can you look at this additional patch I found in the 2.4 SVN
branch?
svn diff -r4780:4781
Package: torque
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193
for details and references
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64
Hi Moritz,
Thanks for finding the security issue. We are working on a solution.
Jordi, can you help out with the squeeze fix and upload? I think you
have done those things before, right?
Cheers
Dominique
On Mon, Jul 25, 2011 at 8:10 AM, Moritz Muehlenhoff j...@debian.org wrote:
Package:
13 matches
Mail list logo