Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > gnu.utils.bug > #2237

Re: Vulnerability Report on Sharutils 4.15.2

Path csiph.com!weretis.net!feeder6.news.weretis.net!nntp.club.cc.cmu.edu!micro-heart-of-gold.mit.edu!bloom-beacon.mit.edu!bloom-beacon.mit.edu!171.64.64.130.MISMATCH!usenet.stanford.edu!not-for-mail
From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups gnu.utils.bug
Subject Re: Vulnerability Report on Sharutils 4.15.2
Date Fri, 6 Apr 2018 06:26:11 +0200
Lines 23
Sender Salvatore Bonaccorso <salvatore.bonaccorso@gmail.com>
Approved bug-gnu-utils@gnu.org
Message-ID <mailman.11784.1523020086.27995.bug-gnu-utils@gnu.org> (permalink)
References <47a93dc0-b0f9-9dc7-593e-ce7f96f56e19@gmail.com> <20180325175147.GA13587@eldamar.local> <CAFkjv+vMm9SB+U04_97D+To9DUaOBS2O6uLBxM1=PsPYGdn8qg@mail.gmail.com> <20180326044616.f4aouw6a2k5px4jq@lorien.valinor.li> <CAFkjv+vZgV6zbrhnLQDpJETZjMyajo05=r+wtqZ6BvtgjV7=xg@mail.gmail.com>
NNTP-Posting-Host lists.gnu.org
Mime-Version 1.0
Content-Type text/plain; charset=us-ascii
X-Trace usenet.stanford.edu 1523020086 5898 208.118.235.17 (6 Apr 2018 13:08:06 GMT)
X-Complaints-To action@cs.stanford.edu
Cc bug-gnu-utils@gnu.org
To Mohd Hanafie <nafiez.skins@gmail.com>
Envelope-to bug-gnu-utils@gnu.org
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=VuHbzpAD42zTEn+Yosx/X2UfRwJC6qsBZmyT5VLDkeU=; b=smrAshdZDDzOCnEt9fvgtTysqwYXEuO6y0KoT+DoEsXRKPUZn7AoFL6YaCcukED8A2 uFkBq9PSzy8nvIpjjE6SSIfzFKxm57XIVhAQiuTrnmNA+2yhVOL1etZ+578LfAgZ5mYF 1AMza5cGSsudXG2o6u+pwuZy1bE70tSC0oazMP5uHORamt7gXaxT/sCD9E+BsfpFqOCE z1LVW2IZTV0TnlFrJbZV+Yw0CYpMK0h7Lj44OyWYV2wNhVkonRE6jO996M7CMBI6t+qA 2BSS5VeQAWu23d9x+7K7vPG0OwnvZ7T5jNbTkTOjiC16Q3FGWDQCqggZNhxu1tOEnQ/U 1/wA==
X-Google-DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=VuHbzpAD42zTEn+Yosx/X2UfRwJC6qsBZmyT5VLDkeU=; b=SgjazqGaq9SsnnvcQFgDkVQBAeiB1EExuicoGtO3V2ysdXCtvb5zSku3nAqsHY2Z+/ LOpoGXMHLuunJtxD+alKV21xjx6ekiidb93Kc84RffOI1D3OqQKYSCKKu99Twxm2jf97 Vj9vnf7YV4BdRPXzUeFlaqDfTcZtCsFP+uOlgQaBqrqU3cy/IJKPnkqZQaKVnNl5R1qZ EnugTElSvgEY+McJY5CnvpYyVYJbPlT+DExciZ/mHFtDrk4SbTp1dIaHyPHJ/R/XoHPw mLtrASVQz3v2t6enJ0spEFOJMQnPVqCkZ13eQAoQUNSy0IPD8nRJs+crq1FBQPAKNjpw qxkg==
X-Gm-Message-State ALQs6tCD9s3eUEofPEcxcNiSYmybvpTM3W0fj3+yzXPR3GSArTBVaA7I R9Gyhw3J/+WBkaIsST3+M+zGfQ==
X-Google-Smtp-Source AIpwx48X4Ynu+gm5H4NX8fumJ43mq7mrvwRV1QOelWSzWmAi85KFcNKldCVUl4qNph0TYSu0KY9Jog==
X-Received by 10.28.6.14 with SMTP id 14mr11429627wmg.42.1522988773627; Thu, 05 Apr 2018 21:26:13 -0700 (PDT)
Content-Disposition inline
In-Reply-To <CAFkjv+vZgV6zbrhnLQDpJETZjMyajo05=r+wtqZ6BvtgjV7=xg@mail.gmail.com>
User-Agent Mutt/1.9.4 (2018-02-28)
X-detected-operating-system by eggs.gnu.org: Genre and OS details not recognized.
X-Received-From 2a00:1450:400c:c09::22b
X-Mailman-Approved-At Fri, 06 Apr 2018 09:08:05 -0400
X-BeenThere bug-gnu-utils@gnu.org
X-Mailman-Version 2.1.21
Precedence list
List-Id Bug reports for the GNU utilities <bug-gnu-utils.gnu.org>
List-Unsubscribe <https://lists.gnu.org/mailman/options/bug-gnu-utils>, <mailto:bug-gnu-utils-request@gnu.org?subject=unsubscribe>
List-Archive <http://lists.gnu.org/archive/html/bug-gnu-utils/>
List-Post <mailto:bug-gnu-utils@gnu.org>
List-Help <mailto:bug-gnu-utils-request@gnu.org?subject=help>
List-Subscribe <https://lists.gnu.org/mailman/listinfo/bug-gnu-utils>, <mailto:bug-gnu-utils-request@gnu.org?subject=subscribe>
Xref csiph.com gnu.utils.bug:2237

Show key headers only | View raw

Hi!

[adding back the bug-gnu-utils@gnu.org list]

On Mon, Mar 26, 2018 at 04:49:56AM +0000, Mohd Hanafie wrote:
> Hi,
> 
> Apologize for the confusion. Yes I reported two different bugs here. One
> has been assign with CVE the other seems no update.
> 
> Do you guys take a look into this? If yes, is there a fix will propose and
> cve assign?

Thanks for confirming they are different issues.

AFAICT for this issue still no proposed fix is available for the
issues raised in
https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00003.html,
nor am I aware of any requested CVE assignments.

Regards,
Salvatore

Back to gnu.utils.bug | Previous | Next | Find similar

Thread

Re: Vulnerability Report on Sharutils 4.15.2 Salvatore Bonaccorso <carnil@debian.org> - 2018-04-06 06:26 +0200

csiph-web