Comment 9 for bug 1864612

The CVE fixes mentioned by Christian are included in hirsute and impish's ipmitool:

ipmitool (1.8.18-10.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2020-5208: buffer overflows and potentially to remote code execution.
    Applied upstream patches:
    - CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
    - CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
    - CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
    - CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
    - CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
    - CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch
    (Closes: #950761).

 -- Thomas Goirand <email address hidden> Fri, 19 Feb 2021 11:04:17 +0100

These aren't included in bionic or focal though, so may be worth investigation to include if we SRU this fix.