Path: csiph.com!weretis.net!feeder6.news.weretis.net!nntp.club.cc.cmu.edu!micro-heart-of-gold.mit.edu!bloom-beacon.mit.edu!bloom-beacon.mit.edu!171.64.64.130.MISMATCH!usenet.stanford.edu!not-for-mail
From: Salvatore Bonaccorso <carnil@debian.org>
Newsgroups: gnu.utils.bug
Subject: Re: Vulnerability Report on Sharutils 4.15.2
Date: Mon, 26 Mar 2018 22:34:45 GMT
Lines: 13
Approved: bug-gnu-utils@gnu.org
Message-ID: <mailman.11280.1522103694.27995.bug-gnu-utils@gnu.org>
References: <47a93dc0-b0f9-9dc7-593e-ce7f96f56e19@gmail.com> <20180325175147.GA13587@eldamar.local> <CAFkjv+vMm9SB+U04_97D+To9DUaOBS2O6uLBxM1=PsPYGdn8qg@mail.gmail.com>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: usenet.stanford.edu 1522103694 5910 208.118.235.17 (26 Mar 2018 22:34:54 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: bug-gnu-utils@gnu.org
To: Mohd Hanafie <nafiez.skins@gmail.com>
Envelope-to: bug-gnu-utils@gnu.org
X-Envelope-From: karl@freefriends.org
X-Envelope-To: <bug-gnu-utils@gnu.org>
Resent-Date: Mon, 26 Mar 2018 22:34:45 GMT
Resent-From: Karl Berry <karl@freefriends.org>
Resent-Message-Id: <201803262234.w2QMYjmh030973@freefriends.org>
X-Authentication-Warning: frenzy.freefriends.org: nobody set sender to karl@freefriends.org using -f
Resent-To: bug-gnu-utils@gnu.org
Content-Disposition: inline
In-Reply-To: <CAFkjv+vMm9SB+U04_97D+To9DUaOBS2O6uLBxM1=PsPYGdn8qg@mail.gmail.com>
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=+E85CUVx1u4abTSf5MpJZ4us9UCsH4perlKAuwpoW58=; b=VKYIKEr/PgOxBiUzxIwZBV59WCG141CFPZ/e2Q7OJM2VkMzKScQ3Mh9OuB81GGPZY2 XDm4C9sO2VX0DcTGzgYav8On3mJgUZPitgJnSvZ53cGtlCO1XIRtdgQVD8ThrHFJ0gGl llm5dPlG6tTzMssNVSEPok/RC8PBoDfrBTi5Zezk14FhA//uJx/P15kZyVwy+x+jaoAN 9q5oDQOsVqO3alWX8GvMFHY+x2bo1lYdX0nKxrR2o8k2VTY+wldX3+yycWNreh0SHSuh xunOMxTg3/Htj9Xzeehcq7NrQGrKO21lS+eF5krOkJSRYUPNu2/kenIIA64JpfPCXfmZ Td2A==
X-Gm-Message-State: AElRT7E8btC/W9jvcuz3T+qPDNNUq2LfiFaWiAmD/kiyUdTI6uHwofyU OgIKL0iLTyyQc51wFs0zCL8M3GZF
X-Google-Smtp-Source: AG47ELv6ouHsv2UsKRjJ0kLEBPLVVDm7asabcXeiMLIg+2p/id1xZkrwq6ajuNBZGm4UDgplCprHAQ==
X-Received: by 10.223.184.188 with SMTP id i57mr29388352wrf.105.1522039579966; Sun, 25 Mar 2018 21:46:19 -0700 (PDT)
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 96.88.95.60
X-BeenThere: bug-gnu-utils@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Bug reports for the GNU utilities <bug-gnu-utils.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-utils>, <mailto:bug-gnu-utils-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-utils/>
List-Post: <mailto:bug-gnu-utils@gnu.org>
List-Help: <mailto:bug-gnu-utils-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-utils>, <mailto:bug-gnu-utils-request@gnu.org?subject=subscribe>
Xref: csiph.com gnu.utils.bug:2235

Hi,

On Sun, Mar 25, 2018 at 11:17:45PM +0000, Mohd Hanafie wrote:
> Hi,
> 
> Issue has been resolved and CVE has been assigned, CVE-2018-1000097.

This is confusing. CVE-2018-1000097 seems to be assigned specifically
for http://seclists.org/bugtraq/2018/Feb/54 which was reported as
http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00004.html
. Petr Pisar proposed a fix in
https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html