[CentOS-devel] Do we know the reason why this below listed CVEs will not be fixed For elfutils-libelf, elfutils-libs and elfutils packages?
Phil Wyett
philwyett at kathenas.org
Sat Jun 30 18:38:15 UTC 2018
On Sat, 2018-06-30 at 19:04 +0100, Phil Wyett wrote:
> On Sat, 2018-06-30 at 12:43 -0500, John R. Dennison wrote:
> > On Fri, Jun 29, 2018 at 12:01:50PM -0400, Matthew Miller wrote:
> > > On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> > > > Do we know the reason why this below listed CVEs will not be fixed
> > > > For elfutils-libelf, elfutils-libs and elfutils packages?
> > > > 1.CVE-2017-7607
> > > > 2.CVE-2017-7608
> > > > 3.CVE-2017-7609
> > > > 4.CVE-2017-7610
> > > > 5.CVE-2017-7611
> > > > 6.CVE-2017-7612
> > > > 7.CVE-2017-7613
> > >
> > > What makes you believe that they are not?
> >
> > https://access.redhat.com/security/cve/cve-2017-7607
> > https://access.redhat.com/security/cve/cve-2017-7608
> > https://access.redhat.com/security/cve/cve-2017-7609
> > https://access.redhat.com/security/cve/cve-2017-7610
> > https://access.redhat.com/security/cve/cve-2017-7611
> > https://access.redhat.com/security/cve/cve-2017-7612
> > https://access.redhat.com/security/cve/cve-2017-7613
> >
> > :)
> >
>
> Hi all,
>
> Could those reporting do an audit. I have checked the first link supplied
> 2017-7607.
>
> Follow it to bugzilla and you get a link to a gentoo page referencing a fix
> that would be in elfutils 0.169. Erm... RHEL / CentOS 7 latest is elfutils
> 0.170, so newer than the proposed release version with fix in.
>
> Regards
>
> Phil
>
>
Hi all,

Checked all the links and all were fixed upstream and released as part of 0.169.
RHEL / CentOS 7 latest is elfutils 0.170, so we are not vulnerable. Upstream
dev added a comment to one related report.

https://bugzilla.redhat.com/show_bug.cgi?id=1441630#c3

Regards

Phil
- --
*** If this is a mailing list, I am subscribed, no need to CC me.***
Playing the game for the game's sake.
IRC: kathenas
Web: https://kathenas.org
Github: https://github.com/kathenas
GitLab: https://gitlab.com/kathenas
Twitter: kathenasorg
GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77