FYI: there was a few changes in ipmitool in the past 2 years. - upstream on github is now public archive. upstream is now on https://codeberg.org/IPMITool/ipmitool. They did NOT mirror all the issue, so we may think that there are only 10 of them, but no.
- upstream has seen some recent activity (3 weeks ago, last month, 5 months ago), but not much. No new tag. - there are a few fru refactor that were pushed, but it does not seem to be enough to address Mark's concerns - CVEs are now a bit more concerning than before? https://www.cve.org/CVERecord/SearchResults?query=ipmitool reports 7 - CVE-2023-31037 --> https://www.cve.org/CVERecord?id=CVE-2023-31037 - specific to nvidia bluefield DPU - CVE-2020-5208 --> https://www.cve.org/CVERecord?id=CVE-2020-5208 - tracked in Ubuntu https://ubuntu.com/security/CVE-2020-5208 - fixed up until jammy, not after? - CVE-2018-2906 --> https://www.cve.org/CVERecord?id=CVE-2018-2906 - seems low, not fixed - CVE-2018-2792 --> https://www.cve.org/CVERecord?id=CVE-2018-2792 - seems high, not fixed - CVE-2011-4339 --> https://www.cve.org/CVERecord?id=CVE-2011-4339 - tracked in Ubuntu https://ubuntu.com/security/CVE-2011-4339 - no maintained releases are affected - CVE-2007-2387 --> https://www.cve.org/CVERecord?id=CVE-2007-2387 - very old, Apple XServe related. ipmi is used to exploit but is not the CVE itself - CVE-2007-1346 --> https://www.cve.org/CVERecord?id=CVE-2007-1346 - very old (2007), targetting Sun Fire machines ** CVE added: https://cve.org/CVERecord?id=CVE-2007-1346 ** CVE added: https://cve.org/CVERecord?id=CVE-2007-2387 ** CVE added: https://cve.org/CVERecord?id=CVE-2011-4339 ** CVE added: https://cve.org/CVERecord?id=CVE-2018-2792 ** CVE added: https://cve.org/CVERecord?id=CVE-2018-2906 ** CVE added: https://cve.org/CVERecord?id=CVE-2023-31037 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1978144 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1978144/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
