[Secure-testing-team] Bug#602340: CVE-2010-3380
Moritz Muehlenhoff
jmm at debian.org
Wed Nov 3 21:52:30 UTC 2010
Package: slurm-llnl
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3380
I'm attaching the extracted upstream fix. Please note that while upstream
has fixed this issue in 2.1.4, Debian is still affected since we ship
our own init scripts in debian/. As such, sid still needs a fix.
As for Squeeze, please prepare a targeted testing upload with the security
fix only. At this point of the release freeze release managers don't
accept new upstream releases any longer.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages slurm-llnl depends on:
ii adduser 3.112+nmu1 add and remove users and groups
ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib
ii libncurses5 5.7+20100313-4 shared libraries for terminal hand
ii lsb-base 3.2-26 Linux Standard Base 3.2 init scrip
pn munge <none> (no description available)
ii openssl 0.9.8o-2 Secure Socket Layer (SSL) binary a
pn openssl-blacklist <none> (no description available)
pn slurm-llnl-basic-plugins <none> (no description available)
ii ucf 3.0025+nmu1 Update Configuration File: preserv
slurm-llnl recommends no packages.
slurm-llnl suggests no packages.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: slurm.diff
Type: text/x-diff
Size: 876 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20101103/58534637/attachment.diff>
More information about the Secure-testing-team
mailing list