[CentOS-devel] Do we know the reason why these below listed CVEs will not be fixed for elfutils-libelf, elfutils-libs and elfutils packages?

Sat Jun 30 18:38:15 UTC 2018
Phil Wyett <philwyett at kathenas.org>

On Sat, 2018-06-30 at 19:04 +0100, Phil Wyett wrote:
> On Sat, 2018-06-30 at 12:43 -0500, John R. Dennison wrote:
> > On Fri, Jun 29, 2018 at 12:01:50PM -0400, Matthew Miller wrote:
> > > On Fri, Jun 29, 2018 at 05:43:04AM +0000, Veetil, Vyshnav wrote:
> > > > Do we know the reason why these below listed CVEs will not be fixed
> > > > for elfutils-libelf, elfutils-libs and elfutils packages?
> > > > 1.CVE-2017-7607
> > > > 2.CVE-2017-7608
> > > > 3.CVE-2017-7609
> > > > 4.CVE-2017-7610
> > > > 5.CVE-2017-7611
> > > > 6.CVE-2017-7612
> > > > 7.CVE-2017-7613
> > > 
> > > What makes you believe that they are not?
> > 
> > https://access.redhat.com/security/cve/cve-2017-7607
> > https://access.redhat.com/security/cve/cve-2017-7608
> > https://access.redhat.com/security/cve/cve-2017-7609
> > https://access.redhat.com/security/cve/cve-2017-7610
> > https://access.redhat.com/security/cve/cve-2017-7611
> > https://access.redhat.com/security/cve/cve-2017-7612
> > https://access.redhat.com/security/cve/cve-2017-7613
> > 
> > :)
> > 
> 
> Hi all,
> 
> Could those reporting do an audit. I have checked the first link supplied
> 2017-7607.
> 
> Follow it to Bugzilla and you get a link to a Gentoo page referencing a fix that
> would be in elfutils 0.169. Erm... RHEL / CentOS 7 latest is elfutils 0.170, so
> newer than the proposed release version with fix in.
> 
> Regards
> 
> Phil
> 
> 

Hi all,

Checked all the links and all were fixed upstream and released as part of 0.169.
RHEL / CentOS 7 latest is elfutils 0.170, so we are not vulnerable.  Upstream
dev added a comment to one related report.

https://bugzilla.redhat.com/show_bug.cgi?id=1441630#c3

Regards

Phil

-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***

Playing the game for the game's sake.

IRC: kathenas

Web: https://kathenas.org

Github: https://github.com/kathenas

GitLab: https://gitlab.com/kathenas

Twitter: kathenasorg

GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77