Hi Raphael, I apologize for answering you so late.
On Thu, Apr 20, 2017 at 07:04:49PM +0200, Raphael Hertzog wrote: > I prepared an updated version of slurm-llnl to fix CVE-2016-10030 which > is a rather severe issue even if only applies to some rare cases (when there's > a prolog script and when the attacker can make it fail). Thank you very much for your work. > Gennaro, Mehdi, Remi, maybe you know wheezy users of the package to ping? > Or maybe you can test it quickly? I finally had the time to investigate on how to exploit the vulnerability and to test your patch to see if it solves the issue. I can confirm that your patch works exactly as expected. Best regards and thank you again for your valuable work -- Gennaro Oliva
