[Rpm-maint] rpm security exposure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
pinto.elia at gmail.com
Wed Nov 3 17:19:28 UTC 2010
The CVE is CONFIRMED with AIX 5.3 with the latest fixpack applied. I am pretty sure
it is also the same issue on AIX 6.x. I have done some trivial updates to the
original bugzilla SPEC for testing this. Reading the rpm 3.0.5 code confirms
the issue also. But the original patch to @rpm.org is not applicable as is.
On Wed, Nov 3, 2010 at 12:32 PM, devzero2000 <pinto.elia at gmail.com> wrote:
> On Wed, Nov 3, 2010 at 5:33 AM, swamy sangamesh <swamy.sangamesh at gmail.com> wrote:
>> Hi Pinto,
>> We are using it for IBM AIX Toolbox for Linux applications with AIX
>> version 5.3 and above.
>> Currently we are using rpm-3.0.5 source to build the binaries.
> I imagined that already. But the rpm.rte fileset is a proprietary supported
> package lslpp from IBM (rpm.rte).
> I have seen on the IBM Fix Central that the latest Technology Level
> 5300-12-00-1015 doesn't contain or reference a security problem in rpm.
> Have you opened an APAR? I am sure that IBM
> knows whom to ask for a fix, if necessary. Now there is no such fix