Your message dated Wed, 24 Feb 2021 10:48:47 +0000
with message-id <e1lerip-0007kf...@fasolo.debian.org>
and subject line Bug#950761: fixed in ipmitool 1.8.18-10.1
has caused the Debian Bug report #950761,
regarding ipmitool: CVE-2020-5208
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
950761: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950761
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ipmitool
Version: 1.8.18-8
Severity: important
Tags: security upstream
Control: found -1 1.8.18-6
Control: found -1 1.8.18-3
Hi,
The following vulnerability was published for ipmitool.
CVE-2020-5208[0]:
| It's been found that multiple functions in ipmitool before 1.8.19
| neglect proper checking of the data received from a remote LAN party,
| which may lead to buffer overflows and potentially to remote code
| execution on the ipmitool side. This is especially dangerous if
| ipmitool is run as a privileged user. This problem is fixed in version
| 1.8.19.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-5208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5208
[1] https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
[2] https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ipmitool
Source-Version: 1.8.18-10.1
Done: Thomas Goirand <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ipmitool, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 950...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated ipmitool package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 19 Feb 2021 11:04:17 +0100
Source: ipmitool
Architecture: source
Version: 1.8.18-10.1
Distribution: unstable
Urgency: high
Maintainer: Jörg Frings-Fürst <debian@jff.email>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 950761
Changes:
ipmitool (1.8.18-10.1) unstable; urgency=high
.
* Non-maintainer upload.
* CVE-2020-5208: buffer overflows and potentially to remote code execution.
Applied upstream patches:
- CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
- CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
- CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
- CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
- CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
- CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch
(Closes: #950761).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---