The CVE fixes mentioned by Christian are included in hirsute and impish's ipmitool:
ipmitool (1.8.18-10.1) unstable; urgency=high * Non-maintainer upload. * CVE-2020-5208: buffer overflows and potentially to remote code execution. Applied upstream patches: - CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch - CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch - CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch - CVE-2020-5208_4-channel-Fix-buffer-overflow.patch - CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch - CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch (Closes: #950761). -- Thomas Goirand <z...@debian.org> Fri, 19 Feb 2021 11:04:17 +0100 These aren't included in bionic or focal though, so may be worth investigation to include if we SRU this fix. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1864612 Title: requests ipmi-tool to include lasted patch for supporting quanta server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1864612/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs