--- Begin Message ---
|
Subject: |
cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166 |
|
Date: |
Wed, 31 Mar 2021 03:50:22 +0200 |
|
User-agent: |
Evolution 3.34.2 |
I asked the maintainer to fix the issues because they were unfixed
since a while, they have done so recently:
https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
They have not made a recently, also it seems they fixed other issues
that could be security relevant in their commit log, not sure if we
apply/backport patches or wait for release.
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#47510: cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166 |
|
Date: |
Thu, 17 Mar 2022 22:35:12 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hello!
Léo Le Bouter <lle-bout@zaclys.net> writes:
> I asked the maintainer to fix the issues because they were unfixed
> since a while, they have done so recently:
>
> https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
>
> They have not made a recently, also it seems they fixed other issues
> that could be security relevant in their commit log, not sure if we
> apply/backport patches or wait for release.
Our cflow package is now at 1.7, which includes the above commit and CVE
fixes.
Thank you,
Maxim
--- End Message ---