[Rpm-maint] rpm security exposure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
swamy sangamesh
swamy.sangamesh at gmail.com
Thu Nov 4 08:54:54 UTC 2010
Hi Pinto,
Thanks for your investigation, you have a patch which i can test for 3.0.5
source ?
On Wed, Nov 3, 2010 at 10:49 PM, devzero2000 <pinto.elia at gmail.com> wrote:
> The CVE is CONFIRMED with AIX 5.3 latest fixpack applied. I am pretty sure
> it is also the same issue on AIX 6.x. I have do some trivial update to the
> original bugzilla SPEC for testing this. Reading the rpm 3.0.5 code confirm
> the issue also. But the original patch to @rpm.org is not applicable as
> is.
>
>
> Regards
>
> On Wed, Nov 3, 2010 at 12:32 PM, devzero2000 <pinto.elia at gmail.com> wrote:
>
>> On Wed, Nov 3, 2010 at 5:33 AM, swamy sangamesh <
>> swamy.sangamesh at gmail.com> wrote:
>>
>>>
>>> Hi Pinto,
>>>
>>> We are using it for IBM AIX Toolbox for linux applications with AIX
>>> version 5.3 and above.
>>> currently we are using rpm-3.0.5 source to build the binaries.
>>
>> I imagined already But the rpm.rte fileset is a proprietary supported
>> package lslpp from IBM (rpm.rte).
>> I have see on the ibm fixcentral that the latest *Technology Level
>> 5300-12-00-1015 doesn.'t contain or reference a security problem on rpm
>> (http://www-933.ibm.com/support/fixcentral/aix/fixpackdetails?fixid=5300-12-00-1015).
>> Have you opened an APAR ? I am sure that IBM*
>> know to who ask for a fix, if necessary. Now there is no such fix
>> http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=1&prefsOnOff=null&topic=SECURITY&month=ALL&heading=AIX53
>>
>> Regards
>>
>
>
--
Thanks & Regards,
Sangamesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20101104/d5d108c9/attachment.html>
More information about the Rpm-maint
mailing list