Hi,
There was new packages (4.4.3-3) released on Oct 29, but they don't address the CVE-2015-7835 problems. Does anyone have news about a rebuild with this fix applied? Or should we make our own build?
/jens
On Wed, Nov 4, 2015 at 1:18 PM, Jens Larsson jens@nsc.liu.se wrote:
Hi,
There was new packages (4.4.3-3) released on Oct 29, but they don't address the CVE-2015-7835 problems. Does anyone have news about a rebuild with this fix applied? Or should we make our own build?
Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a mistake when I made the changelog. Sorry about that.
-George
There was new packages (4.4.3-3) released on Oct 29, but they don't address the CVE-2015-7835 problems. Does anyone have news about a rebuild with this fix applied? Or should we make our own build?
Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a mistake when I made the changelog. Sorry about that.
-George
Ah, I thought I was careful before posting and even checked the source RPM. But of course I did it wrong. The patch is there all right...
Sorry for the noise. And thanks for all the good work on this project!
/jens
On Wed, Nov 4, 2015 at 4:11 PM, Jens Larsson jens@nsc.liu.se wrote:
There was new packages (4.4.3-3) released on Oct 29, but they don't address the CVE-2015-7835 problems. Does anyone have news about a rebuild with this fix applied? Or should we make our own build?
Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a mistake when I made the changelog. Sorry about that.
-George
Ah, I thought I was careful before posting and even checked the source RPM. But of course I did it wrong. The patch is there all right...
Sorry for the noise. And thanks for all the good work on this project!
No problem -- definitely rather err on the side of "unnecessary noise" rather than "missed an important security update". :-)
Peace, -George
-
George Dunlap -
Jens Larsson