Bug#635342: CVE-2011-2193: Multiple buffer overflows

2012-01-09 Thread Jordi Mallach
On Thu, Jan 05, 2012 at 02:43:22PM -0500, Dominique Belhachemi wrote:
> There is a long email thread on upstream's mailing list and I am not sure
> if we can update to 2.5.
> http://www.supercluster.org/pipermail/torquedev/2011-January/003342.html

Sure, but http://www.supercluster.org/pipermail/

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2012-01-05 Thread Dominique Belhachemi
There is a long email thread on upstream's mailing list and I am not sure if we can update to 2.5.
http://www.supercluster.org/pipermail/torquedev/2011-January/003342.html

Let's see what people on debian-legal are thinking.
http://lists.debian.org/debian-legal/2012/01/msg00030.html

Thanks
-Do

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2012-01-05 Thread Jordi Mallach
Hey,

On Thu, Jan 05, 2012 at 07:42:54PM +0100, Moritz Mühlenhoff wrote:
> > Even so, Munge appears to require distributing auth tokens, keys or
> > whatever before a munge-enabled cluster is operational, so this is quite a
> > change for a DSA, not to mention the version bump if we went that route

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2012-01-05 Thread Moritz Mühlenhoff
On Wed, Dec 28, 2011 at 08:21:50PM +0100, Jordi Mallach wrote:
> On Wed, Dec 28, 2011 at 07:30:10PM +0100, Moritz Mühlenhoff wrote:
> > CVE_2011_2193 was fixed in DSA 2329.
> >
> > The second issue, CVE-2011-2907, is still unfixed in stable.
>
> My read of the Bugzilla log was that Redhat didn't

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-12-28 Thread Jordi Mallach
On Wed, Dec 28, 2011 at 07:30:10PM +0100, Moritz Mühlenhoff wrote:
> CVE_2011_2193 was fixed in DSA 2329.
>
> The second issue, CVE-2011-2907, is still unfixed in stable.

My read of the Bugzilla log was that Redhat didn't actually "fix" the issue, but provided a workaround, by enabling Munge supp

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-12-28 Thread Moritz Mühlenhoff
On Wed, Dec 28, 2011 at 03:22:51PM +0100, Julien Cristau wrote:
> > >
> > > torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low
> > >
> > > [ Jordi Mallach ]
> > > * [CVE_2011_2193]: Fix two potential buffer overflows:
> > > jobid length and hostname length weren't properly checked,

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-12-28 Thread Julien Cristau
On Tue, Oct 11, 2011 at 21:27:08 +0200, Moritz Mühlenhoff wrote:
> On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote:
> > On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
> > > On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
> > >
> > > > I have p

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-10-11 Thread Moritz Mühlenhoff
On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote:
> On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
> > On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
> >
> > > I have prepared a package in SVN which is ready for upload. Before doing
> > > so, M

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-10-10 Thread Jonathan Wiltshire
On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
> On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
>
> > I have prepared a package in SVN which is ready for upload. Before doing
> > so, Moritz, can you look at this additional patch I found in the 2.4 SVN
> > branch

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-07-29 Thread Moritz Mühlenhoff
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
> I have prepared a package in SVN which is ready for upload. Before doing
> so, Moritz, can you look at this additional patch I found in the 2.4 SVN
> branch?
>
> svn diff -r4780:4781 svn://svn.clusterresources.com/torque/branches/2.

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-07-29 Thread Jordi Mallach
Hi!

On Mon, Jul 25, 2011 at 09:10:09PM -0400, Dominique Belhachemi wrote:
> Thanks for finding the security issue. We are working on a solution.
>
> Jordi, can you help out with the squeeze fix and upload? I think you
> have done those things before, right?

I have prepared a package in SVN which

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-07-25 Thread Dominique Belhachemi
Hi Moritz,

Thanks for finding the security issue. We are working on a solution.

Jordi, can you help out with the squeeze fix and upload? I think you have done those things before, right?

Cheers
Dominique

On Mon, Jul 25, 2011 at 8:10 AM, Moritz Muehlenhoff wrote:
> Package: torque
> Severity:

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-07-25 Thread Moritz Muehlenhoff
Package: torque
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193 for details and references

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x