Your message dated Thu, 15 Jan 2009 03:02:11 +0000
with message-id <e1lniul-0003tm...@ries.debian.org>
and subject line Bug#511511: fixed in slurm-llnl 1.3.13-1
has caused the Debian Bug report #511511,
regarding slurm-llnl: Improper checking of EVP_VerifyFinal() return value.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
511511: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: slurm-llnl
Severity: serious
Tags: security

Hi,

I've been checking packages to see if they properly check the return
value of some of the functions in openssl.  In
src/plugins/crypto/openssl/crypto_openssl.c there is this piece of code:
        rc = EVP_VerifyFinal(&ectx, (unsigned char *) signature,
                sig_size, (EVP_PKEY *) key);
        if (!rc)
                rc = SLURM_ERROR;
        else
                rc = SLURM_SUCCESS;

But EVP_VerifyFinal() can also return -1 on errors.  A good way to check
the value would be something like:
        if (rc <= 0)

I have no idea if this code is being used and what the consequences
of this might be.


Kurt



--- End Message ---
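
Added example, not part of the original report or of the slurm-llnl source: a stand-alone C program showing how the quoted `if (!rc)` check maps a -1 return to success, next to the `rc <= 0` check the report suggests. `mock_verify_final`, the sample byte strings and the `SLURM_*` values are assumptions made for this example; only the two checks mirror the report.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins so the example builds alone (values assumed for the example). */
#define SLURM_SUCCESS 0
#define SLURM_ERROR (-1)
#define SIG_LEN 8 /* constructed toy signature length */

/* Constructed sample data, not real signatures. */
static const unsigned char GOOD_SIG[SIG_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
static const unsigned char BAD_SIG[SIG_LEN]  = {9, 9, 9, 9, 9, 9, 9, 9};

/* Hypothetical mock using EVP_VerifyFinal()'s return convention:
 *   1 = signature valid, 0 = signature does not match,
 *  -1 = verification could not be performed (here: wrong length). */
static int mock_verify_final(const unsigned char *sig, size_t sig_size)
{
    if (sig == NULL || sig_size != SIG_LEN)
        return -1;
    return memcmp(sig, GOOD_SIG, SIG_LEN) == 0 ? 1 : 0;
}

/* Check as quoted in the report: only 0 counts as failure. */
int verify_as_reported(const unsigned char *sig, size_t sig_size)
{
    int rc = mock_verify_final(sig, sig_size);
    if (!rc)
        rc = SLURM_ERROR;
    else
        rc = SLURM_SUCCESS;
    return rc;
}

/* Check as suggested in the report: every non-positive result fails. */
int verify_as_suggested(const unsigned char *sig, size_t sig_size)
{
    int rc = mock_verify_final(sig, sig_size);
    return (rc <= 0) ? SLURM_ERROR : SLURM_SUCCESS;
}

int main(void)
{
    /* Truncated input makes the mock return -1, the case the report is about. */
    printf("reported:  %d\n", verify_as_reported(BAD_SIG, 3));
    printf("suggested: %d\n", verify_as_suggested(BAD_SIG, 3));
    return 0;
}
```
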
--- Begin Message ---
Source: slurm-llnl
Source-Version: 1.3.13-1

We believe that the bug you reported is fixed in the latest version of
slurm-llnl, which is due to be installed in the Debian FTP archive:

libpmi0-dev_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/libpmi0-dev_1.3.13-1_i386.deb
libpmi0_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/libpmi0_1.3.13-1_i386.deb
libslurm13-dev_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/libslurm13-dev_1.3.13-1_i386.deb
libslurm13_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/libslurm13_1.3.13-1_i386.deb
slurm-llnl-basic-plugins-dev_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.13-1_i386.deb
slurm-llnl-basic-plugins_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.13-1_i386.deb
slurm-llnl-doc_1.3.13-1_all.deb
  to pool/main/s/slurm-llnl/slurm-llnl-doc_1.3.13-1_all.deb
slurm-llnl-slurmdbd_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.13-1_i386.deb
slurm-llnl-sview_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/slurm-llnl-sview_1.3.13-1_i386.deb
slurm-llnl_1.3.13-1.diff.gz
  to pool/main/s/slurm-llnl/slurm-llnl_1.3.13-1.diff.gz
slurm-llnl_1.3.13-1.dsc
  to pool/main/s/slurm-llnl/slurm-llnl_1.3.13-1.dsc
slurm-llnl_1.3.13-1_i386.deb
  to pool/main/s/slurm-llnl/slurm-llnl_1.3.13-1_i386.deb
slurm-llnl_1.3.13.orig.tar.gz
  to pool/main/s/slurm-llnl/slurm-llnl_1.3.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gennaro Oliva <oliv...@na.icar.cnr.it> (supplier of updated slurm-llnl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 14 Jan 2009 09:25:10 +0100
Source: slurm-llnl
Binary: slurm-llnl libslurm13 libpmi0 libslurm13-dev libpmi0-dev slurm-llnl-doc slurm-llnl-basic-plugins slurm-llnl-basic-plugins-dev slurm-llnl-sview slurm-llnl-slurmdbd
Architecture: source i386 all
Version: 1.3.13-1
Distribution: unstable
Urgency: low
Maintainer: Gennaro Oliva <oliv...@na.icar.cnr.it>
Changed-By: Gennaro Oliva <oliv...@na.icar.cnr.it>
Description: 
 libpmi0    - SLURM PMI library implementation
 libpmi0-dev - SLURM PMI library implementation
 libslurm13 - Runtime library files for SLURM
 libslurm13-dev - SLURM development files
 slurm-llnl - Simple Linux Utility for Resource Management
 slurm-llnl-basic-plugins - SLURM docmentation
 slurm-llnl-basic-plugins-dev - SLURM docmentation
 slurm-llnl-doc - SLURM docmentation
 slurm-llnl-slurmdbd - Secure enterprise-wide interface to a database for SLURM
 slurm-llnl-sview - GUI to view and modify SLURM state
Closes: 511511
Changes: 
 slurm-llnl (1.3.13-1) unstable; urgency=low
 .
   * New upstream release (Closes: #511511)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJbqARCZSR95Gw07cRAhqOAJ4pZgMhczJJTIEijH2/Lyr8YgntxQCfRt8e
er64txKnEppjzrapO8ICIwo=
=Y/70
-----END PGP SIGNATURE-----



--- End Message ---