[Bug 1794219] [NEW] [MIR] ledmon

Launchpad Bug Tracker 1794219 at bugs.launchpad.net
Tue Dec 14 14:39:43 UTC 2021 

Christian Ehrhardt  (paelzer) has assigned this bug to your team "Ubuntu Foundations Bugs" for ledmon in Ubuntu:

== Requirements ==

[Availability]
Currently in universe.
Package in LP: https://launchpad.net/ubuntu/+source/ledmon
Upstream: https://github.com/intel/ledmon

[Rationale]
1.OEM projects needs to include ledmon for VROC suport (LP: #1759225)
2.Intel still maintains upstream for that (LP: #1668126)
3.Dependencies already in main.

[Security]
No security issues exposed so far. We may need to rely on Intel to be aware of upstream commits for security fixes.

[Quality Assurance]
1.No debconf questions
2.No outstanding bugs
3.I can help to make sure the consistency for status of important bugs in Debian's/Ubuntu's, and upstream's bug (on github).
4.Ledmon only supports Intel related storage controller (e.g. AHCI/iSCSI/VMD controller)
5.No test suite shipped with ledmon
6.No dependencies with obsolete or demoted packages

[UI standards]
1.This is a CLI tool/daemon service. It has normal CLI style short help and man pages. (man ledmon/ledctl)
2.No desktop file required as it is a backend tool.

[Dependencies]
build-depends: perl (main), libsgutils2-dev (main), libudev-dev (main)
binary-depends: openipmi (main)

[Standards Compliance]
The package should meet the FHS and Debian Policy standards.

[Maintenance]
Package owning team: The Foundations team
Debian package maintained by Daniel Jared Dominguez (but seems he didn't maintain the latest one: currently the version 0.90 on upstream and it's 0.79-2 on debian)
https://tracker.debian.org/pkg/ledmon

[Background Information]
ledmon and ledctl are userspace tools designed to control storage enclosure LEDs. The user must have root privileges to use these tools.

These tools use the SGPIO and SES-2 protocols to monitor and control
LEDs. They been verified to work with Intel(R) storage controllers (i.e.
the Intel(R) AHCI controller) and have not been tested with storage
controllers of other vendors (especially SAS/SCSI controllers).

For backplane enclosures attached to ISCI controllers, support is
limited to Intel(R) Intelligent Backplanes.

== Security checks ==
1.http://cve.mitre.org/cve/search_cve_list.html: Search in the National Vulnerability Database using the package as a keyword
  * There are 0 CVE entries that match your search.

2.Check OSS security mailing list (feed 'site:www.openwall.com/lists/oss-security <pkgname>' into search engine)
  * No security issue found

3.Ubuntu CVE Tracker
  http://people.ubuntu.com/~ubuntu-security/cve/main.htm
  * No
  http://people.ubuntu.com/~ubuntu-security/cve/universe.html
  * No
  http://people.ubuntu.com/~ubuntu-security/cve/partner.html
  * No

4.Check for security relevant binaries. If any are present, this requires a more in-depth security review.
  * Executables which have the suid or sgid bit set.
    No
  * Executables in /sbin, /usr/sbin.
    Yes
  * Packages which install services / daemons (/etc/init.d/*, /etc/init/*, /lib/systemd/system/*)
    No
  * Packages which open privileged ports (ports < 1024).
    No
  * Add-ons and plugins to security-sensitive software (filters, scanners, UI skins, etc)
    No

** Affects: oem-priority
     Importance: High
     Assignee: Yuan-Chen Cheng (ycheng-twn)
         Status: Fix Committed

** Affects: ledmon (Ubuntu)
     Importance: Undecided
     Assignee: Ubuntu Foundations Bugs (foundations-bugs)
         Status: Confirmed


** Tags: fr-1336 oem-priority originate-1912445
-- 
[MIR] ledmon
https://bugs.launchpad.net/bugs/1794219
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is a bug assignee.

More information about the foundations-bugs mailing list