[Rpm-maint] rpm security exposure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
swamy.sangamesh at gmail.com
Thu Nov 4 08:54:54 UTC 2010
Thanks for your investigation, you have a patch which i can test for 3.0.5
On Wed, Nov 3, 2010 at 10:49 PM, devzero2000 <pinto.elia at gmail.com> wrote:
> The CVE is CONFIRMED with AIX 5.3 latest fixpack applied. I am pretty sure
> it is also the same issue on AIX 6.x. I have do some trivial update to the
> original bugzilla SPEC for testing this. Reading the rpm 3.0.5 code confirm
> the issue also. But the original patch to @rpm.org is not applicable as
> On Wed, Nov 3, 2010 at 12:32 PM, devzero2000 <pinto.elia at gmail.com> wrote:
>> On Wed, Nov 3, 2010 at 5:33 AM, swamy sangamesh <
>> swamy.sangamesh at gmail.com> wrote:
>>> Hi Pinto,
>>> We are using it for IBM AIX Toolbox for linux applications with AIX
>>> version 5.3 and above.
>>> currently we are using rpm-3.0.5 source to build the binaries.
>> I imagined already But the rpm.rte fileset is a proprietary supported
>> package lslpp from IBM (rpm.rte).
>> I have see on the ibm fixcentral that the latest *Technology Level
>> 5300-12-00-1015 doesn.'t contain or reference a security problem on rpm
>> Have you opened an APAR ? I am sure that IBM*
>> know to who ask for a fix, if necessary. Now there is no such fix
Thanks & Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Rpm-maint