Do we know the reason why the below listed CVEs will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?
1. CVE-2017-7607
2. CVE-2017-7608
3. CVE-2017-7609
4. CVE-2017-7610
5. CVE-2017-7611
6. CVE-2017-7612
7. CVE-2017-7613

On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> Do we know the reason why the below listed CVEs will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?
> 1. CVE-2017-7607
> 2. CVE-2017-7608
> 3. CVE-2017-7609
> 4. CVE-2017-7610
> 5. CVE-2017-7611
> 6. CVE-2017-7612
> 7. CVE-2017-7613

Probably because they are all marked as Low impact. Past that, you will need to ask Red Hat, as the project only rebuilds upstream sources.
John

On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> Do we know the reason why the below listed CVEs will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?
> 1. CVE-2017-7607
> 2. CVE-2017-7608
> 3. CVE-2017-7609
> 4. CVE-2017-7610
> 5. CVE-2017-7611
> 6. CVE-2017-7612
> 7. CVE-2017-7613

What makes you believe that they are not?

On Fri, Jun 29, 2018 at 12:01:50PM -0400, Matthew Miller wrote:
> On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> > Do we know the reason why the below listed CVEs will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?
> > 1. CVE-2017-7607
> > 2. CVE-2017-7608
> > 3. CVE-2017-7609
> > 4. CVE-2017-7610
> > 5. CVE-2017-7611
> > 6. CVE-2017-7612
> > 7. CVE-2017-7613
> What makes you believe that they are not?

https://access.redhat.com/security/cve/cve-2017-7607
https://access.redhat.com/security/cve/cve-2017-7608
https://access.redhat.com/security/cve/cve-2017-7609
https://access.redhat.com/security/cve/cve-2017-7610
https://access.redhat.com/security/cve/cve-2017-7611
https://access.redhat.com/security/cve/cve-2017-7612
https://access.redhat.com/security/cve/cve-2017-7613
:)
John

On Sat, 2018-06-30 at 12:43 -0500, John R. Dennison wrote:
> On Fri, Jun 29, 2018 at 12:01:50PM -0400, Matthew Miller wrote:
> > On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> > > Do we know the reason why the below listed CVEs will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?
> > > 1. CVE-2017-7607
> > > 2. CVE-2017-7608
> > > 3. CVE-2017-7609
> > > 4. CVE-2017-7610
> > > 5. CVE-2017-7611
> > > 6. CVE-2017-7612
> > > 7. CVE-2017-7613
> > What makes you believe that they are not?
> https://access.redhat.com/security/cve/cve-2017-7607
> https://access.redhat.com/security/cve/cve-2017-7608
> https://access.redhat.com/security/cve/cve-2017-7609
> https://access.redhat.com/security/cve/cve-2017-7610
> https://access.redhat.com/security/cve/cve-2017-7611
> https://access.redhat.com/security/cve/cve-2017-7612
> https://access.redhat.com/security/cve/cve-2017-7613
> :)

Hi all,
Could those reporting do an audit? I have checked the first link supplied, 2017-7607.
Follow it to Bugzilla and you get a link to a Gentoo page referencing a fix that would be in elfutils 0.169. Erm... RHEL / CentOS 7 latest is elfutils 0.170, so newer than the proposed release version with fix in.
Regards
Phil
-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***
Playing the game for the games sake.
IRC: kathenas
Web: https://kathenas.org
Github: https://github.com/kathenas
GitLab: https://gitlab.com/kathenas
Twitter: kathenasorg
GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77

On Sat, 2018-06-30 at 19:04 +0100, Phil Wyett wrote:
> On Sat, 2018-06-30 at 12:43 -0500, John R. Dennison wrote:
> > On Fri, Jun 29, 2018 at 12:01:50PM -0400, Matthew Miller wrote:
> > > On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> > > > Do we know the reason why the below listed CVEs will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?
> > > > 1. CVE-2017-7607
> > > > 2. CVE-2017-7608
> > > > 3. CVE-2017-7609
> > > > 4. CVE-2017-7610
> > > > 5. CVE-2017-7611
> > > > 6. CVE-2017-7612
> > > > 7. CVE-2017-7613
> > > What makes you believe that they are not?
> > https://access.redhat.com/security/cve/cve-2017-7607
> > https://access.redhat.com/security/cve/cve-2017-7608
> > https://access.redhat.com/security/cve/cve-2017-7609
> > https://access.redhat.com/security/cve/cve-2017-7610
> > https://access.redhat.com/security/cve/cve-2017-7611
> > https://access.redhat.com/security/cve/cve-2017-7612
> > https://access.redhat.com/security/cve/cve-2017-7613
> > :)
> Hi all,
> Could those reporting do an audit? I have checked the first link supplied, 2017-7607.
> Follow it to Bugzilla and you get a link to a Gentoo page referencing a fix that would be in elfutils 0.169. Erm... RHEL / CentOS 7 latest is elfutils 0.170, so newer than the proposed release version with fix in.
> Regards
> Phil

Hi all,
Checked all the links and all were fixed upstream and released as part of 0.169. RHEL / CentOS 7 latest is elfutils 0.170, so we are not vulnerable. Upstream dev added a comment to one related report.
https://bugzilla.redhat.com/show_bug.cgi?id=1441630#c3
Regards
Phil
-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***
Playing the game for the games sake.
IRC: kathenas
Web: https://kathenas.org
Github: https://github.com/kathenas
GitLab: https://gitlab.com/kathenas
Twitter: kathenasorg
GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77
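
The audit described in the last two messages, as an added example (not part of the thread and not code from CentOS, Red Hat or elfutils): it compares the installed upstream version against the 0.169 fix release named above and, for older builds, looks for the CVE id in the RPM changelog, where a vendor backport would normally be recorded. The function names and status strings are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example: triage helper for the seven elfutils CVEs in this thread.
# FIXED_IN is the upstream release the thread says contains the fixes.
FIXED_IN="0.169"
CVES="CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613"

# version_ge A B: succeed when version A >= version B (GNU sort -V ordering,
# so 0.170 > 0.169 and 0.17 < 0.169).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# cve_status INSTALLED_VERSION CHANGELOG_TEXT CVE
# Prints one of (hypothetical labels): fixed-by-version, fixed-by-backport,
# needs-review. A changelog hit is a strong hint, not proof; "needs-review"
# means check the vendor advisory page for that CVE.
cve_status() {
    local installed="$1" changelog="$2" cve="$3"
    if version_ge "$installed" "$FIXED_IN"; then
        echo "fixed-by-version"
    elif printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
        echo "fixed-by-backport"
    else
        echo "needs-review"
    fi
}

# audit [PACKAGE]: query the local RPM database and report every CVE.
# Only meaningful on an RPM-based host with the package installed.
audit() {
    local pkg="${1:-elfutils}" ver log cve
    rpm -q "$pkg" >/dev/null 2>&1 || { echo "$pkg not installed" >&2; return 1; }
    ver="$(rpm -q --qf '%{VERSION}\n' "$pkg" | head -n1)"
    log="$(rpm -q --changelog "$pkg")"
    for cve in $CVES; do
        printf '%s %s-%s %s\n' "$cve" "$pkg" "$ver" "$(cve_status "$ver" "$log" "$cve")"
    done
}
```

On a CentOS 7 host, source the file and run `audit elfutils`, then repeat for `elfutils-libelf` and `elfutils-libs`.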