Path: csiph.com!weretis.net!feeder6.news.weretis.net!nntp.club.cc.cmu.edu!micro-heart-of-gold.mit.edu!bloom-beacon.mit.edu!bloom-beacon.mit.edu!171.64.64.130.MISMATCH!usenet.stanford.edu!not-for-mail From: Salvatore Bonaccorso Newsgroups: gnu.utils.bug Subject: Re: Vulnerability Report on Sharutils 4.15.2 Date: Fri, 6 Apr 2018 06:26:11 +0200 Lines: 23 Sender: Salvatore Bonaccorso Approved: bug-gnu-utils@gnu.org Message-ID: References: <47a93dc0-b0f9-9dc7-593e-ce7f96f56e19@gmail.com> <20180325175147.GA13587@eldamar.local> <20180326044616.f4aouw6a2k5px4jq@lorien.valinor.li> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: usenet.stanford.edu 1523020086 5898 208.118.235.17 (6 Apr 2018 13:08:06 GMT) X-Complaints-To: action@cs.stanford.edu Cc: bug-gnu-utils@gnu.org To: Mohd Hanafie Envelope-to: bug-gnu-utils@gnu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=VuHbzpAD42zTEn+Yosx/X2UfRwJC6qsBZmyT5VLDkeU=; b=smrAshdZDDzOCnEt9fvgtTysqwYXEuO6y0KoT+DoEsXRKPUZn7AoFL6YaCcukED8A2 uFkBq9PSzy8nvIpjjE6SSIfzFKxm57XIVhAQiuTrnmNA+2yhVOL1etZ+578LfAgZ5mYF 1AMza5cGSsudXG2o6u+pwuZy1bE70tSC0oazMP5uHORamt7gXaxT/sCD9E+BsfpFqOCE z1LVW2IZTV0TnlFrJbZV+Yw0CYpMK0h7Lj44OyWYV2wNhVkonRE6jO996M7CMBI6t+qA 2BSS5VeQAWu23d9x+7K7vPG0OwnvZ7T5jNbTkTOjiC16Q3FGWDQCqggZNhxu1tOEnQ/U 1/wA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=VuHbzpAD42zTEn+Yosx/X2UfRwJC6qsBZmyT5VLDkeU=; b=SgjazqGaq9SsnnvcQFgDkVQBAeiB1EExuicoGtO3V2ysdXCtvb5zSku3nAqsHY2Z+/ LOpoGXMHLuunJtxD+alKV21xjx6ekiidb93Kc84RffOI1D3OqQKYSCKKu99Twxm2jf97 Vj9vnf7YV4BdRPXzUeFlaqDfTcZtCsFP+uOlgQaBqrqU3cy/IJKPnkqZQaKVnNl5R1qZ EnugTElSvgEY+McJY5CnvpYyVYJbPlT+DExciZ/mHFtDrk4SbTp1dIaHyPHJ/R/XoHPw mLtrASVQz3v2t6enJ0spEFOJMQnPVqCkZ13eQAoQUNSy0IPD8nRJs+crq1FBQPAKNjpw qxkg== X-Gm-Message-State: ALQs6tCD9s3eUEofPEcxcNiSYmybvpTM3W0fj3+yzXPR3GSArTBVaA7I R9Gyhw3J/+WBkaIsST3+M+zGfQ== X-Google-Smtp-Source: AIpwx48X4Ynu+gm5H4NX8fumJ43mq7mrvwRV1QOelWSzWmAi85KFcNKldCVUl4qNph0TYSu0KY9Jog== X-Received: by 10.28.6.14 with SMTP id 14mr11429627wmg.42.1522988773627; Thu, 05 Apr 2018 21:26:13 -0700 (PDT) Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c09::22b X-Mailman-Approved-At: Fri, 06 Apr 2018 09:08:05 -0400 X-BeenThere: bug-gnu-utils@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Bug reports for the GNU utilities List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com gnu.utils.bug:2237 Hi! [adding back the bug-gnu-utils@gnu.org list] On Mon, Mar 26, 2018 at 04:49:56AM +0000, Mohd Hanafie wrote: > Hi, > > Apologize for the confusion. Yes I reported two different bugs here. One > has been assign with CVE the other seems no update. > > Do you guys take a look into this? If yes, is there a fix will propose and > cve assign? Thanks for confirming they are different issues. AFAICT for this issue still no proposed fix is available for the issues raised in https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00003.html, nor am I aware of any requested CVE assignments. Regards, Salvatore