[CentOS-devel] Do we know the reason why this below listed CVEs will not be fixed For elfutils-libelf, elfutils-libs and elfutils pakages ?

Sat Jun 30 18:04:26 UTC 2018
Phil Wyett <philwyett at kathenas.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 2018-06-30 at 12:43 -0500, John R. Dennison wrote:
> On Fri, Jun 29, 2018 at 12:01:50PM -0400, Matthew Miller wrote:
> > On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> > > Do we know the reason why this below listed CVEs will not be fixed
> > > For elfutils-libelf,elfutils-libs and elfutils pakages ?
> > > 1.CVE-2017-7607
> > > 2.CVE-2017-7608
> > > 3.CVE-2017-7609
> > > 4.CVE-2017-7610
> > > 5.CVE-2017-7611
> > > 6.CVE-2017-7612
> > > 7.CVE-2017-7613
> > 
> > What makes you believe that they are not?
> 
> https://access.redhat.com/security/cve/cve-2017-7607
> https://access.redhat.com/security/cve/cve-2017-7608
> https://access.redhat.com/security/cve/cve-2017-7609
> https://access.redhat.com/security/cve/cve-2017-7610
> https://access.redhat.com/security/cve/cve-2017-7611
> https://access.redhat.com/security/cve/cve-2017-7612
> https://access.redhat.com/security/cve/cve-2017-7613
> 
> :)
> 

Hi all,

Could those reporting do an audit. I have checked the first link supplied 2017-
7607.

Follow it to bugzilla and you get a link to a gentoo page referencing a fix that
would be in elfutils 0.169. Erm... RHEL  / CentOS 7 latest is elfutils 0.170, so
newer than the proposed release version with fix in.

Regards

Phil

- -- 
*** If this is a mailing list, I am subscribed, no need to CC me.***

Playing the game for the games sake.

IRC: kathenas

Web: https://kathenas.org

Github: https://github.com/kathenas

GitLab: https://gitlab.com/kathenas

Twitter: kathenasorg

GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJbN8YzAAoJEDM/YNywubt3wx0P/1b9VU/P64l9cQ0CSNOjeLDv
MukC85QnS1qt4eH9O53LpekEiKeJpXyccsNjFsPS6xylVb1iKo6uW4b9ulV8lszG
ruEVufPude5D/Lr+1GNtdnEXUApEn1mD1jWwJIiVLIaOcZ/LVXbNardwzxvog12o
4+VoKmZb2UXK3CdAlMaYNs52tuqsiXRhk0Co3EzlBygBRBek2H0Sz87rSmoVs2Vz
fXhgttI28VJAf4wsDDFRcaNbr63dw90cvmUEmrsmSHlIdBd7X0hD8dOwZLVo93LA
jywzfzWBJAUEu0s/7cqSlDbJAqsXF7lbbVUOFB+b/A6TJ7V3M8GRemO2v0e+RZt2
LcpGy9fDqQaBEr0Hl/nb6xViZ9yJKgRKhpUiMC3jAWL/qDouimZju8120rLnJ4An
fJEm8JxI6ghz0DT4Z3SDjKkFeZqDjEQJDyIbUqT5W9BU7hWY2rMer7kZIYYKWxRQ
P/IUqY8+7Gng/OMKNpuy8cbwvftyj/0jW3AvXkdHVMzsj7OmlLwYISOgusXImWWr
DP2tP9GEvFgJpvBMun+f86fN0tyVdN4NFJ7+lc5O8gMVOV07uetij+CoR/oleKev
6QzcR26r7hfr01I8zGrIGGMq8wBfqvd4/STKjZzCrDvjl77k757bjZ2hoz/ZFBdK
Atfiq6pxt10mqOVPyzCk
=0Zxe
-----END PGP SIGNATURE-----