Control: severity -1 grave

Hi Jörg, Adam,

On Wed, Feb 05, 2020 at 10:11:58PM +0100, Salvatore Bonaccorso wrote:
> Source: ipmitool
> Version: 1.8.18-8
> Severity: important
> Tags: security upstream
> Control: found -1 1.8.18-6
> Control: found -1 1.8.18-3
>
> Hi,
>
> The following vulnerability was published for ipmitool.
>
> CVE-2020-5208[0]:
> | It's been found that multiple functions in ipmitool before 1.8.19
> | neglect proper checking of the data received from a remote LAN party,
> | which may lead to buffer overflows and potentially to remote code
> | execution on the ipmitool side. This is especially dangerous if
> | ipmitool is run as a privileged user. This problem is fixed in version
> | 1.8.19.

Strictly speaking this is not RC (so if you strongly disagree please
downgrade). While not a serious problem if not run with a privileged user
or over untrusted networks, I feel it would still be great to have this
issue fixed for the upcoming bullseye.

Possible to rebase to the 1.8.19 release before the upcoming freeze?

Regards,
Salvatore