fix CVE-2011-4339
CVE-2011-4339 has already been fixed. Please, drop this patch.
http://ipmitool.cvs.sourceforge.net/viewvc/ipmitool/ipmitool/src/ipmievd.c?r1=1.35&r2=1.36
Please take a lock at https://bugzilla.redhat.com/attachment.cgi?id=525972
It's in lib/helper.c and not in src/ipmievd.c
I know it's in 'lib/helper.c', and?
CVE-2011-4339 was about ipmievd's PID file being world writable. And as far as I know, this has been fixed.
In the last downloadable tarball (1.8.14) is the bug not fixed. And your link is from src/ipmievd.c.
Just because patch you've provided hasn't been applied doesn't mean it's not fixed, or does it?
And yes, I believe 'src/ipmievd.c' that's where the fix should be. Feel free to prove me wrong.
Log in to post a comment.
CVE-2011-4339 has already been fixed. Please, drop this patch.
http://ipmitool.cvs.sourceforge.net/viewvc/ipmitool/ipmitool/src/ipmievd.c?r1=1.35&r2=1.36
Please take a lock at https://bugzilla.redhat.com/attachment.cgi?id=525972
It's in lib/helper.c and not in src/ipmievd.c
I know it's in 'lib/helper.c', and?
CVE-2011-4339 was about ipmievd's PID file being world writable. And as far as I know, this has been fixed.
In the last downloadable tarball (1.8.14) is the bug not fixed.
And your link is from src/ipmievd.c.
Just because patch you've provided hasn't been applied doesn't mean it's not fixed, or does it?
And yes, I believe 'src/ipmievd.c' that's where the fix should be. Feel free to prove me wrong.