[Bug 1978144] Re: [MIR] ipmitool
Antoine Lassagne
1978144 at bugs.launchpad.net
Fri Dec 5 14:25:48 UTC 2025
FYI: there was a few changes in ipmitool in the past 2 years.
- upstream on github is now public archive. upstream is now on
https://codeberg.org/IPMITool/ipmitool. They did NOT mirror all the
issue, so we may think that there are only 10 of them, but no.
- upstream has seen some recent activity (3 weeks ago, last month, 5
months ago), but not much. No new tag.
- there are a few fru refactor that were pushed, but it does not seem to
be enough to address Mark's concerns
- CVEs are now a bit more concerning than before? https://www.cve.org/CVERecord/SearchResults?query=ipmitool reports 7
- CVE-2023-31037 --> https://www.cve.org/CVERecord?id=CVE-2023-31037
- specific to nvidia bluefield DPU
- CVE-2020-5208 --> https://www.cve.org/CVERecord?id=CVE-2020-5208
- tracked in Ubuntu https://ubuntu.com/security/CVE-2020-5208
- fixed up until jammy, not after?
- CVE-2018-2906 --> https://www.cve.org/CVERecord?id=CVE-2018-2906
- seems low, not fixed
- CVE-2018-2792 --> https://www.cve.org/CVERecord?id=CVE-2018-2792
- seems high, not fixed
- CVE-2011-4339 --> https://www.cve.org/CVERecord?id=CVE-2011-4339
- tracked in Ubuntu https://ubuntu.com/security/CVE-2011-4339
- no maintained releases are affected
- CVE-2007-2387 --> https://www.cve.org/CVERecord?id=CVE-2007-2387
- very old, Apple XServe related. ipmi is used to exploit but is not the CVE itself
- CVE-2007-1346 --> https://www.cve.org/CVERecord?id=CVE-2007-1346
- very old (2007), targetting Sun Fire machines
** CVE added: https://cve.org/CVERecord?id=CVE-2007-1346
** CVE added: https://cve.org/CVERecord?id=CVE-2007-2387
** CVE added: https://cve.org/CVERecord?id=CVE-2011-4339
** CVE added: https://cve.org/CVERecord?id=CVE-2018-2792
** CVE added: https://cve.org/CVERecord?id=CVE-2018-2906
** CVE added: https://cve.org/CVERecord?id=CVE-2023-31037
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1978144
Title:
[MIR] ipmitool
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1978144/+subscriptions
More information about the ubuntu-archive
mailing list