From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 12 11:28:00 2022 Received: (at submit) by debbugs.gnu.org; 12 Jul 2022 15:28:00 +0000 Received: from localhost ([127.0.0.1]:43522 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBHnr-0004A1-HO for submit@debbugs.gnu.org; Tue, 12 Jul 2022 11:28:00 -0400 Received: from lists.gnu.org ([209.51.188.17]:50554) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBFJG-00016g-Uh for submit@debbugs.gnu.org; Tue, 12 Jul 2022 08:48:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51230) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oBFJG-0001GR-NK for bug-coreutils@gnu.org; Tue, 12 Jul 2022 08:48:14 -0400 Received: from mail-co1nam11on20712.outbound.protection.outlook.com ([2a01:111:f400:7eab::712]:22433 helo=NAM11-CO1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oBFJC-0000fL-A2 for bug-coreutils@gnu.org; Tue, 12 Jul 2022 08:48:12 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HNdHP6v1mnadisdyprzEIwpnXjHE4STQB2r9bFVCdlbKARYMcxc+Qx1XsK7atCYhO/5DGr4MmG/IwzNs68U85WgHIDIV29+WHlGD1afsBg5y/04tmiuMpnsDGr5XCv4ildopZMZgG69leGmYDf2u/JJRNB0VF6dZE64RvU29Ez9WpgyIRRdM30itQlnkrnT4abDb0d9MDs1yr6IFMeIvWkh5W7b+UzgD4tQeSDlCNzYBThhcbzXbEs4yjeOLFOMymHX+lmwmmy+PtK74xpyYeJ/FajOUbIcibWIT33/JzYYOX3Kk4xZEa1tOc1JvrcUrFCV3tc+xPkrTG6QPTo3V4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kBDbsDyFG/1Osli8ydxVHCQj/jRkOXrP+4s41SyFkfc=; b=VsBw4UodnGU9nye4yX9L8WWVd/0FtVHV5AuhUHupQEOrXZcRm4s9o0ANBAx3DPB6Ot36gGUfBqnYSYo87xOj+1EB3eJdqG0I1QZGlQpWDNV8fvYeM272HA5cQldvZpEWyra14obD35tGb9Ax0cbBEcT0cmE5EugVNmtFONCUUEU8PJkesrEMQg8CQBPyuIJD9Vmkii/BDE1AW8dmFiaYAbyO9I5TMbpxvz9wAddK/jOzNtftvRd5cjMR744FZsGxJg7N2OD8Pw4MbXBLjSdZE4WGybbXtkcL3eU8Ie2kpDauA/mGQ9wUf3Dj1bPCCwTgSMS+/egBZPUd6auGQvhc5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=imperva.com; dmarc=pass action=none header.from=imperva.com; dkim=pass header.d=imperva.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=imperva.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kBDbsDyFG/1Osli8ydxVHCQj/jRkOXrP+4s41SyFkfc=; b=cVLaJG1mi/FWHqHt+VGJqhPZeX0zW76r/dBOb5OQrSfWgYxQQkiKokoV2FzGoE2xDuF6gVy2UtDjw0ZZ6FYT+t1aAXf48gYfd0JHzcGk7J3khiAupsG/kmLaAHt+NNVNwi+vFrnA0CK4TYtCGEkon/j3nuzpY3A5VcpJhzt5Nfc= Received: from MW4PR06MB8233.namprd06.prod.outlook.com (2603:10b6:303:124::11) by BN8PR06MB6195.namprd06.prod.outlook.com (2603:10b6:408:57::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.25; Tue, 12 Jul 2022 12:43:01 +0000 Received: from MW4PR06MB8233.namprd06.prod.outlook.com ([fe80::c961:2a33:b52b:6fa0]) by MW4PR06MB8233.namprd06.prod.outlook.com ([fe80::c961:2a33:b52b:6fa0%4]) with mapi id 15.20.5395.019; Tue, 12 Jul 2022 12:43:01 +0000 From: Meirav Rath To: "bug-coreutils@gnu.org" Subject: Security vulnerabilities at coreutils version for CentOS 7.9 Thread-Topic: Security vulnerabilities at coreutils version for CentOS 7.9 Thread-Index: AdiV7JZgrLfF8bUdRvWDJvi4GyIH9g== Date: Tue, 12 Jul 2022 12:43:01 +0000 Message-ID: Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=imperva.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 06ca5c57-a84c-45ea-dc34-08da64040ebb x-ms-traffictypediagnostic: BN8PR06MB6195:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Lcct65Ys35wKcf1prdhbTX89hRHbFYwFhYwTZ0UynuYfFjFtpQeZfmkvk4xnAuU9d47h9MzlPIHl//K8fMCm+50vPvT0M1JaQoOFa2BOLdpy2TdOjqfbfEPgLgFpcL4L8rbgVUisoGTM0IzFh1iaPMl4uaqMo4WEFB5Y7AfM36ocs3Hb6MYfmRHCDqTgLGZ+5CGUdyUqsBScL6CfiAJa9+IZwSss3TtC6pnUKWH5s5uL8PFJBc8bdG6yOXsALY9OCtTsefb6rzbJH3kcZxmD3v9B1HDnm6TlvXX5T/lK9paXODV5Ykx9QurPytwzzaD/X/uMxrAn1qPJepKGXOawpDRwpZrQLGmkydyR4RLhLTqAv8e/UZwIgKeZ8wH6Csv8DNfkI+0pIvcaW/yyw2ewqwFDGs6PntIIeSTd8PtM1q2Yf5hxfuPkNJD0VznR8PVxMxQvT1zezUTGnWNqMSvGrgs8/avFwv/uZizzisD8OoRto+f2ffrtW9BNyJp9YKLXfgwpAkc0RLVhg2b1kh4IYF3hQOWZiefeOlOkijQNKG2k/Sf5RAbjd2StcNg0Y24rLv9e8VL19OB9JQaf0vPX4JcQ2LpY3PTmEonBO7gjo49T/N2ETFXyZw3xvI20efK11z4lAHy3cjOiJLGDrxyrHmQt0t0LjFsZpVHcqSNnX2d0DOW6ds8dewEbEZ5H58tpCfxbuOVz3yFsdCCbrvfW0tZe3I/XqjjHFY5GQnPZYLzt0GcquSJSBQb3v8sfhnR00afptlzTg6vDtYLPximpSu89DWi+ebWs3xEbwgAHQePL2xUfOuqQ3MqS+HFoFMsKz+f475jhSFWL7tfDXqIqEg/3D+31zjgUxY/DY1dLpmgcFHo/RGTVqaH0odzyDySM328ditXj8d6Ytkdp7/c6oA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW4PR06MB8233.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(376002)(346002)(136003)(366004)(39850400004)(396003)(9686003)(71200400001)(41300700001)(9326002)(8936002)(66446008)(7696005)(52536014)(6506007)(83380400001)(66476007)(26005)(76116006)(66946007)(64756008)(8676002)(66556008)(4326008)(54906003)(44832011)(316002)(99936003)(6916009)(2906002)(122000001)(38100700002)(107886003)(15650500001)(38070700005)(4744005)(45080400002)(478600001)(166002)(33656002)(5660300002)(86362001)(55016003)(186003); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?jJiKzoIQEdvQGuAuZ9fdokYB2kuoxEv6GVXdu1gxqVGFn1dCQLOPPsHaU2yG?= =?us-ascii?Q?0c7irE9T4vgVa90G/S01/HJLnF5/3km/l3VNzXzbex6IFEsABHLc8Gr9chqJ?= =?us-ascii?Q?CHAMpKAJJw3fngB4gqOv31wq+upE5bIkkhd4GR37SpTaAWBHO9A17d0bXGJf?= =?us-ascii?Q?gQQBDiW0a6sF1nsg1/BWdlcvqTuYX9OKFJGJYJiI8voIc7JTfmVxcD/aCxZi?= =?us-ascii?Q?/ZjHkHPm2cpZyMMHzdQXBPV1cgz0o6N19yfx87D1R6mP30xfxDjSuUUqXQ7g?= =?us-ascii?Q?BaIY/wU0/eESQSvXpCAYdGRmrPQWgysS/XhPjL0bSQxfb4uIhvrZ82aa1Nmy?= =?us-ascii?Q?PYIkpr+QgmjPtbypRIUlr6b+L3L3tyXMruZOUxhvf4WDdA4+cTStnYfWvhRU?= =?us-ascii?Q?hx2GoXAu/uksnVB8CQGCJ2+iOS+Fzh/TsoOT81QYHGBbk2ZlUne/AS56u5FS?= =?us-ascii?Q?VDJMtsBaQVeULTVsvH8c6nwJE6ZrhYN+BOK7w8I4mkvUJ0Myo+4318CiUxF+?= =?us-ascii?Q?v5ulM1ojce+2T8R0dsRkTMeSCUJ1LRSP+vMJyRb15h/KjmkDwx8AP0khMG7f?= =?us-ascii?Q?GltFoCD09YWxcIcNcbvNpLgeTkcWQx3f56L+ZafYkA7Ict+Aoex4qXtkI+um?= =?us-ascii?Q?hY9TL/XyTsgDKXzNk9oSm97S/4eh7VMA/2siPMXsPO87NRDA384wzQ6oszgc?= =?us-ascii?Q?UNnvi0J8imkqVKz680p5pMcRA6T4GYGACI9h5FM+hE4avgKKt3FmDv63BU0O?= =?us-ascii?Q?9KC3hWzfpnRbFwPLqMdJs5KM9j+8smm2pbvf7GtB/MPop8b7rBSGpHoIeDMo?= =?us-ascii?Q?37EbNmkNS84akuOagUlPoKgeoYXIPq7TzmD52bEEiECpEL5pcKOWagKaSr6n?= =?us-ascii?Q?TPafa5aIUJuX4bE+FSZm2XWaG4Bq9En7Roi8xthU+NWqOv7zzfLbJr42Qr2u?= =?us-ascii?Q?yhHDOtig60Fyea7a68c85zEGJ36c5HiRVImESPEHwBLBG0RnnohKjuytrvn+?= =?us-ascii?Q?pMWL2fwFv6cgisXvSDDMqo1xrJ6fEZqJz4Q8jUj+OCROJD2ghlk7+sBBZhbi?= =?us-ascii?Q?V+P5WXgNvDUKeazOvLK4GrK9buJC6AHdmjg1FX3agMuCseoLyBnvEreNX8S6?= =?us-ascii?Q?FhPrHPFny6Jg6zAt+++4nIkot2fOZG4J1OByqKlXtMSbKu2O2l4frZm8xsmM?= =?us-ascii?Q?DFADKgo+Kxo/k024+4O6jTP5Ihi0aFdadilXorawf9f9K1K6/QywTNFMgfKS?= =?us-ascii?Q?HVZcANVwjRd3ZZSmPseylvof8IzzVneGeLnptZPlKNN42hyowJvK9Hqk6rfz?= =?us-ascii?Q?dZbIdBfx/TvT3Tx0TuVppsYA/TEfBzGxGfrQ63QOxQlV5hQpzhypkP4oa7d3?= =?us-ascii?Q?iLNlKZNSx1ux0EkGiDA4D8qD+Ngn5iWlKARLrugNij6AzmjIWyhs3LYYgjs8?= =?us-ascii?Q?nES5JIrHBL4uWNwrErX6I8WMiyhv2cTicX6mUQobAE4Qdr7oxGAK/w6etQHw?= =?us-ascii?Q?TOJOKazvUiC2IL3O/9CC2t6DwCVkg+Drx7Z5yMUrUshbAsOq2/MnBNUlg5kG?= =?us-ascii?Q?EzfcjADPj6zgBp28dW0xgQRPWweEhQMt92NHrl8w?= Content-Type: multipart/related; boundary="_004_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_"; type="multipart/alternative" MIME-Version: 1.0 X-OriginatorOrg: imperva.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR06MB8233.namprd06.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 06ca5c57-a84c-45ea-dc34-08da64040ebb X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2022 12:43:01.5561 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bd878493-8917-4c2b-9a2e-f80e639f649a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Q+wcA2qeIFaaZJlkTLiH2e1ugJZTaH7517xlMUdUb5QFMfxHjyU5qzdBNMu6WyKeqsiTEzpKdg5fLynnckS4ew== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR06MB6195 Received-SPF: pass client-ip=2a01:111:f400:7eab::712; envelope-from=meirav.rath@imperva.com; helo=NAM11-CO1-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 12 Jul 2022 11:27:59 -0400 Cc: Gadi Friedman , Ariel Bressler X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --_004_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_ Content-Type: multipart/alternative; boundary="_000_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_" --_000_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, My name is Meirav Rath, I'm a software developer and security champion at I= mperva. As part of our effort to map security risks in our products I've been scann= ing our 3rd party rpms for vulnerabilities. It looks like coreutils availab= le rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018. When can we expect an updated RPM of a more advanced version with fixes for= this issues, aimed for CentOS7.9? Thanks. [cid:image001.png@01D89606.0E772890] Meirav Rath | SW Engineer & DB Researcher | Data Control team meirav.rath@imperva.com | o: +972 3-684-1665 | m: +972 54-593-1551 imperva.com | facebook | linkedin | twitter ------------------------------------------- This message is confidential. If you believe you received this message in e= rror, please inform the sender and delete this message and all attachments. --_000_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hello,

 

My name is Meirav Rath, I'm a software developer and= security champion at Imperva.

As part of our effort to map security risks in our p= roducts I've been scanning our 3rd party rpms for vulnerabilities. It looks= like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018<= /a>.

 

When can we expect an updated RPM of a more advanced= version with fixes for this issues, aimed for CentOS7.9?

 

Thanks.

 

 

 

 

Meirav Rath | SW Engineer & DB Researcher | Data Control team

meirav.rath@imperva.com | o: +972 3-684-1665 |= m: +972 54-593-1551

imperva.com | fac= ebook | linkedin<= /span> | twitter

 

------------------------------= -------------
This message is confidential. If you believe you received this message in e= rror, please inform the sender and delete this message and all attachments. --_000_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_-- --_004_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=5444; creation-date="Tue, 12 Jul 2022 12:43:01 GMT"; modification-date="Tue, 12 Jul 2022 12:43:01 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAKIAAAAbCAYAAAD/N1SmAAAVC0lEQVR4Xu2bB3RVxfbGf+ee29IT UghFIIBU6b0/ld6L9N4EKaKUUAWERwtVUYqoFIMoTQQUBaUF6SBFREFFCB0SUm9ubjnnv2ZuSMIT NTx5on+ZtVgLkjMze2a+2Xt/3x4UXdd1HrfHO/CId0ARQLx16xabNm2SpmiaRs2aNSlTpswjNu3x 9P+kHZBA3L9/P7Vq1cpc97Rp0xg3btw/aR8er/UR74AE4qFDh6hevXqmKbNnz2bkyJGP2LTH0/+T duCxR/wnnfZfeK0SiElJSRw9ejTTzKJFi1KgQIG/sNmPTfv/tgMSiII2uzNWJv5uBBQg3amTlKqj KKBjIDQA3JrOifMu4pIgwAfKFVGxWgyZ+/LdJTeXb2moBiiaT+GJMDFaVku169js4t86BgWCAwwk 2XRO/eDElg5hQQZKFVQxm4QFv94SUzTOXnSRkKLj46VQJK+BvCH3ziV6xydpuDXxNwUfL/C2KJz9 2cXlOIVgP42i+Y3YHR5bdBQCvBXMpl/Om5Sqke4UNnlEhtDArDX/dFXj8i0XNruGj9VAwXAjBXJn /f5BQSNOJD09HV3TEIfj7eP9oEP8V9+n2WycPHmSkiVLEhAY+F+NcbeTPS2NEydOULxECYKCgn53 LAnEb35y0HdmEro4CqMvL7bR6NrAh93H0xn9lgPdbUMxmGhUReX7WCffXDSjKEZ0XaNgmMaEHlaC /RWmR9s5ctaBweglJ7aaHHR91sDLHf0zDXltXTLv7zKju5Lx89JoXtOLLfvTuZHohaIoaJqDwnkM DGhuokVtzzjZm7gISzbZWLvLye0kFQwq6BpeJgeNq5mJ7OyNv48HBC63TqdJccTeFshSqFzcTXiQ gTU7NVSzPwHmOCb3CWDCsiQ0TUcx+dGqupNxPbLsFePY7DrPTbhFXLIJRbVSo4Sd+S8G8f6OVNbv 0Tgfa0dThK0eoJoUO9WfsjK0jYnShS2/ewj/+UFqaipdO3XiyuUrOBxOnn7maeYumIeq/vKi3e37 6sRJlKtQntZt2vzmfDF797J+3XpeW/h61pnMm4+Prw8tWrWibs1arFodTbVsnOGBFwBc/PlnGj5b nzcWL6JBw4a/O4QE4snzDrpMTZNAFAc0rLWNfs192X7YzvDFoLlsQtiRYEQAUBO31YG4rgaTLwYt VXqRdC0QzZ0mOqDrLhSDGdWai5HtbPRs7CONmRmdzOrdfrjT4zxjqlbPAeoudNFPc2Ew+ci+I9o5 6d3MN3MRmgbDXrvD7jOBuB0JEriiv6450d0OOddT+eJ5Z0wQ3laDBGKTkbe5luCD5kpD190YVIv8 XlykAO90Ns8Mpe/MOH684SfjQpBXMtvn58bLkuWRd3+dzpCFutwH1eTPzH4umtWwUnfwDe6kh6I5 k+QaxMUU+6JgwGAOwMuYysqxvpSKuI+L/Y2jSUlJoUqFijRr0YK6desycvhw+j3fH0UxcOPGdTp3 6cLXx7/m5MkT9OzVC4fDQe/uPQkOCSb6gzV8ffw4B77aT+OmTajfoAHr1q5l15c7qVylCp9u3cqZ b75h6EvDGDRkCMeOHqVb5y6YzWZGRI5i3uy5VK5SmfDwcAYPHYrFamH+nLkYVAODBg8md3g44qIs fnMRKcnJpNpSeWHwYC7HxnL27FmaNGnC6ujVVKlShReHDGHhojeJi4vnoFBm6tSmRcuWvL5gAbdv x9Grdy9KlCwpd0IC8dQPDjpNTswE4ojnXPRu6ssXR+wMe8ORBUTVC91tJ9DXQGKaWQJSeCNxqBiM KIqKryWNFJuObrCgu+wYzL6EB9j5ZHYoVrNC1PvJrPrCkgFEMJj8MJEiQ93NO25cip88WEX1eJL1 U/wpVchzkMu2pPD6xz640q5jMPqQJ8hOxWJmLt5wc/qCKm0zeuVmULMUXmjjJ4HYYvRtLt0ySSAK sIiLIy8RCoqezqkV4bz3eSpzNphw2+Pl7xe9ZKJe+SxPNmZJIlsPWeQlC/Z1sGNBbqxmPEC0B+Nj jJN7IjxnXIrYF7e0RfUKo0rRZJaPzfW7HiH7BwKI9WrXoWy5shQqWIj3Vq2iUePGfLFjB8WKF8fX 14dTJ09RoWJFvjl9mqHDXpTAyJc/P02bNWVO1GwKFCzA1StXGT5yBFEzZ0ltuEKlihw7eoxDBw4w IjKSAS8MlEAc2P95LBYLLwweJPv6+flx/dp12nfqwJ34Oxw6eJC0NBs1atbinRXLEbpzrWrVyZ8/ Pw6nk9DQEIo++SSHDx5i9ry5dO/chdHjxrFs6VLad+zI0kWLiChcmI6dO3H9+nVWvLucoKBcmExG du3dg9FkyjkQFdVMvlwaUYMDKJJXZdVnqSzerGUcsMChhUGtTHRp4M3lmy6GLkjmZqIiPZwIV1tm 5qJoftM9QDQYvalRSmd8D1/yhqhcu+1m5upUYr5RJRhVawhNKtmYPSgQkaM1HnGLBJtFeobKxTWW jAjI9FyvLEti41ciTLvImyudbXPCZJ7adNStTCAK8NYqrdGnmRc+XgYuXHXRsIqVOyk6jUfcxulS MJj9aFktnekDAiQ2UtJ0Gg6/SUKqSYK/Qx07E3sHkObQiYpOomYZK7XKmPG2KjIXFd5z4jup3EkW iamO0eBi+/wwwnOpOQajAGKDp59BMShERBSmTbu2iLxx3OgxnDr7LQP69sPlcrJo6VKqVqzEkmVv sWDePBo1boLVy0rU9Bk0atJE5plpaWnSQ54++62c/92332bGtOmcOfc9ZpPngndo207mhLPmzKZa pcqsWfuhBFFycjKXL1/GbLZQrFgxAgL8mREVRXx8PNUqVmLxsrdIuJPAmMhI6jeoz9Wr1xg1OpLe PXoycfJkadOoMaM5deIkRw4fplqN6pz99ltiYy/LiyHGf3PJYry8vHIIRLcN1RzI6A5uumeEWJdL 5+lhIm/yeMIi4U42zwrJ3Ox5HyTx7nZLRgg1svoVPyoUM2cCUXMkYjLClllBFMidlfuk2jWaRcZz M0HkeQohfg72vJGbmFPpDJrvxu1KRlWtzB1soXopsyRURlXh25+dDJiTKsOjAKPwwBF5VJqM9ABR HGS+YDdbo4Kx3IcI9Z0Rx6FzXmhuO7l8nHw2LxRfLwM7j9kZutCN5kpFXMbV432oUEyMhyRxot1O 1LkR75a56RNhBl5fn8xbn5oz1q7y4WR/yhQx5xiI4oAqli1Hn359GDt+guy3asVKpk+dyqHjx9ix fTtjI8cQHp4bh9PBps1baN2iBU2aNqV9xw60adlKetMnniggQ+HggQMJCQ2ld7++Mp2aNX0GB48d zSQRjZ6tL4E477UFPFvvXzJHXDB3Ht4+PoTnCeejDRupULECzZo3p0u3bty+fZun69SVnkwQnLr1 6lKlajXmzIpCNaq4XC7GjBvL7Jmz6N6rJ+fPn+frY8cJCAiQeejSxYupWq0a5cqXI3LMmAcIzQKI pgBe7QXt6mUQCB0aj7hJbJwZFJUKhR1ETwzO3Ow1X9iY9r4BtyNRAvX9if6UfzIbEJ1JWE0utkSF kO8/2O7EdxLZ+JUVzZGEgouYxbnZ+lUaUWuNuNPj5Wb6+6oSXFmAUEi2uaUtBtXK8tFeVC1lzgQi iplapey8FXn/MLl5Xxrj3gG3MxGD0Y/5g1QaVrUyZkkCWw9b0d1OnsxrZ+P0UMmwRROpy7vbHHx/ yUFaOhhVncJ5kEA/fUGY6ZZrX/2Kv7yEOW3iID/asEEyzrLlysluP/7wA4cPH6ZV69Z4e3vz2afb OH/+HM1btiQiIoLNmzaRJ18+mZsdOXyEfftiiCgUQeu2bTh+7Bj79sZQ51/18Pf358ihw7R9rp3M C0UTwDaZTBIcH2/aRP369Tlz5oz0hNWqVWXdunVcv3ZNgrpI0aLcvHlThuamzZtRrnx52rZti4+v L+9HR2MwGKSHEz8/ffq0LBUfPnSIxMREGjZqJEP4p598wndnz1K7Tl2qVqv64ECc2F2nwzMeKUEQ BwHEK/EeIJYt5GDN5CwgRm+3MfOD3waixeiSXvQ/JZ7FH6Xw5hYzmiNB5q1fLAhm4x47Sz8RQLwj 51etwZ7cNLPpkoR48kALC55P55lKlmxANFGjRDpvj7k/EEUIbjT8JndSTBhM3jSvauff/QOpN+QG dzLC8sttnfRt7iFPa3akyovm8cBuSZoEecJgQnh7zZmSmTffvYQ5BeLf4bt+ffoweMgQmac+jJYz spLhER82EIVH3BoV8gv9b9I7iWz4yoLmSEZR3MQsCuOjPTbmb/QcstnoZlQX/3uYbfbNMKhmapQW uqdCs0gPWUH5bSCK/hOWJbDpgJcEUf4QN32a+TJllV0SMpPqZtscYasqSZXIKe0uiwRhaIBOy9oW QgIMHP3OwRfHnLKPiN3Zo8EfOTDBjN9etgxd0xk8dMgfGeqevuvXrZPkRJChnLTTp06x4/PtDB/1 cEvAjw6IGTni1qigezyiYJ4iR7yRIOKfEJ0d7H0jNzuOeKQkETpVoxdvj7JQvfRva3TZWXNOgChA 1HOGDc2djqroeFshOU1BNflRu1QaS0Z5PL6w5eVFmgSsyInWTPLnqWwSzZQVSazdY8It2H+2tCQn B/1r32zZvJnI4SNp36kjU/49VaYl0gP/wfZMvX9RqFAh3l25IkcjiRRgdtRsPtr8MSEhWZwgR51/ 46NHBkShIwrWXLM0TOjhQ55gletxbqZH38uaG1WwMXdIILcTNBqNuEWaQ3g3CPGHmQN9qflUVu4l qkAf77MTkcdA7bKWe+SbnABRpBstRt/k55tWKVkpBqGZOiVRmzNAoXF1oXnCtoNpjFyqoztTUY0K ayYF8lREVprwMIC49oMPWbzoTfLkycu4CeMZP3Ys3539ju49ejBh0kT27/uK+fPmSca86I03ZI4n cr5NGz+iavXqjBs/npdfGkafvn05e0Yw1VgKFy3CF9u3k5CQKIGXJ08eqSEKJityx+c6dJDi+auT JjMjapYkG3Xq1SU5KZlPtmyhVOnSUptcuXwFnbt25b2VK7kTH4/VamX+wtc59933LHztNQKDApk0 ZQpbNn0sJafSZcrQtl075kRFYbPZGD5ypJwne3ukQBSGCB3RbEghLNAT8hy6r0dHNHhkmg8m+1Km sEdmWCjY6Oe+uGzXPUK47qZEAcgfqiJKh+cuuUh0hTG5q4229bwfGIhijiWbUnhjszlT5xTzCO3w s7lhspQo2qUbbpqOikPTPZJMSIBGy1pWcvkb+PrcHw/NsZcuITxVj169pOYXEhpCoUIRrI6OZvHS pdRv2IAb169Tu0ZNKW5v//xznixWjAP79/PS8OESDL379mH1e9FMnTaNr/bt45tTpyQgNm/+mN59 +jJoyGDJYju1by+BWat2bVatWEH/Ac+zbOlbfPLZNrp26kydunXZtXOnlHr6DxyAr68f06ZOlfNE zZjBM/Xrs3Pnl3Tr3l0SKAHKS5cuSSF9X0yMDPv9BwwgNvYSa6Lfp3bdOvTp15caNWv+Eoi/W1nJ yBHHd0mn07NZZKX+Sze5mewryUrJfMmsm5rlqld+lsqc9V6ZrDl6vPUe+UZ4RBFZFFX0/2VlRTDf IS3tDGglKh6eJkLty68nsPtMAJozWVZThPAtZBWRkwnioJp9mdI9jdZ1vO6prAiPWLlIEivGZxGq +0UKCbLIeHSEMO1EteSiY+0UJvS6t+wXtTqJ6N3+uDLIk6esaZBeVHhTXVSYFI+0dXftOQ1fovLR tlVrVry3SlZFYi9eomXr1rw6aZLU/ywZbDdyxEjJlgUIW7RqyexZUXy5Zzed2negUuVKHDpwkO49 e0oNT+iJTxR4QjLYfQcOZJrSqnkLQsNCJfHo0O456RU/3vQR02fMYNIrE+nQsSMFIwqxJnq11CVb tW3D6vfe4/kBA+R8QpDu2rkz5cqVZ9unn8o6dZlyZaXYLRzJxg0bEHXnIcNeJGbPXnbv3EXX7t0o UaokBQoWpGzZstKWnNWaNRsGoz+jO0Gbuh75RoSxduNvcfWOqDurlC7o4J1sjHTtrjTmrhOSniAc Kssi/Shb5F4dUdSan3vam22HHNxI9LBOcfgR4Qq9mxppV+/+xf4V29L4cKdDVlRkyU6+Q9CwGtOl wDy6i5X8ocZ7as2KYqJKsXQWvvz7Bfih8+M5fM6C7k5FVc0sG+XDUxleOTuYFm9KYe0uNzcSxF1S ZWmzQKiTXAEGzsWKipPI47LWnlMgOp1Ohg4azM4vv0RVVRa++SbXrl1jyuTJHPn6OIEZDxKELNOl Yyd69u4tPVy7Vq25ePGi/P3by5cze9YsCTzRataqJUuAwmvuz/iZ+Hm3zp05fOiw/KZU6VJSiO7V vYcErjgPAZorV65w7MhR/AMCaN+hAytXLGfAwIESiFu3fUq3Ll3p2q0bSYmJCPITHBxM3+f7s3Xz Fhn2A4OCqF27NjF7Y6RnFGN+uOYDKSFNmzEjC4guN9xJvvv+xoCvF5KR3vP6Rlfw8wJrthpsfLKG O6ObEKdFmetuEy9akkWJGvn0hSA/FaNKlqCdoSPuWhgmnwqc/MElX98I5vlUhAGL+bdfrwjbzsW6 uR6vobnFCxwonNcoWW32lvX6BsxGCMhm468Bw56ukyxeCElCoBMS8OtVkWSbzvnLLlxuAxaTTvEC qixleoQkTxO9H5RWCDIiSmuiFFa8RHFZVhNlNwEWAU7Rdu/axcB+/flww3qp24nnfCdPnODJJ4tJ ITouLo6ffvxRhkeL1YrRaCQ1JZUSJUtkLv3ChQvSY4m+xYsXl6ARmqXQ/USYDQ0NJSU1lcuxl+Xc QiP8+cIFwnLnlumB0AV/+uknwsLCJABFCTE93S7r2iIvvXblquzn6+fH0cNH8Pb1oXz58pw/d45c wcGyT6ZHzOlNfRjf3a01izzw13TEhzHPoxxDHK74c7dVqlRJ5mMPu+3ds4dvz5xh4KBBD3voP308 GZr/zFn/CUAcO3YsM2fOzNzWmJgYGZoet1/fgUcERCuaMxGz6mRLVOgvKit/9wObNGkSU6ZMyVyG +M9pNWrU+Lsv639q/58ORKGxbTjoj+Z04nYksW1OAAWzPXr4n672Txp8zJgxzJo1K3O2vXv3UqdO nT9p9r/nNH86EE/96OS7S+JRvluSF/GwwMf6oKn8X3uzjx8/zpEjRySpEJlPq1atZDL/uP2FQvPj w3i8A/fbgf8D06OlRq6LNq8AAAAASUVORK5CYII= --_004_MW4PR06MB8233563B8FF859CDFC34A358E4869MW4PR06MB8233namp_-- From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 12 11:45:15 2022 Received: (at 56520-done) by debbugs.gnu.org; 12 Jul 2022 15:45:15 +0000 Received: from localhost ([127.0.0.1]:43553 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBI4Z-0004sj-B0 for submit@debbugs.gnu.org; Tue, 12 Jul 2022 11:45:15 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:55742) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBI4X-0004jU-H2 for 56520-done@debbugs.gnu.org; Tue, 12 Jul 2022 11:45:14 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 8F9A81600FD; Tue, 12 Jul 2022 08:45:06 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 5CxM6xqQKDv1; Tue, 12 Jul 2022 08:45:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id BC4C6160103; Tue, 12 Jul 2022 08:45:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id v7rbfwquOT7K; Tue, 12 Jul 2022 08:45:05 -0700 (PDT) Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com [172.91.119.151]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 8E39F1600FD; Tue, 12 Jul 2022 08:45:05 -0700 (PDT) Message-ID: Date: Tue, 12 Jul 2022 08:45:04 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9 Content-Language: en-US To: Meirav Rath References: From: Paul Eggert Organization: UCLA Computer Science Department In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56520-done Cc: 56520-done@debbugs.gnu.org, Gadi Friedman , Ariel Bressler X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) On 7/12/22 05:43, Meirav Rath via GNU coreutils Bug Reports wrote: > It looks like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018. > > When can we expect an updated RPM of a more advanced version with fixes for this issues, aimed for CentOS7.9? CentOS is downstream from the Coreutils project, so I suggest asking the CentOS maintainers instead of this mailing list. From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 12 17:53:13 2022 Received: (at 56520) by debbugs.gnu.org; 12 Jul 2022 21:53:13 +0000 Received: from localhost ([127.0.0.1]:43810 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBNoZ-0008EO-Tn for submit@debbugs.gnu.org; Tue, 12 Jul 2022 17:53:13 -0400 Received: from mail-wr1-f42.google.com ([209.85.221.42]:42878) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBNoY-0008Dt-C4 for 56520@debbugs.gnu.org; Tue, 12 Jul 2022 17:53:06 -0400 Received: by mail-wr1-f42.google.com with SMTP id bu1so11803396wrb.9 for <56520@debbugs.gnu.org>; Tue, 12 Jul 2022 14:53:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=e9R0/5E+or6gRSRBncdm3a24Lk1Q7EkNonhTYMrbcrI=; b=Q6gsbXlGceT0KnZhZx6wJ3hgsR6Ka44pVGc86+5SeypxRWXrCgAQv/SshhIniuRxXI ZjLd7diMxhpXFFGeF6xZj9Qxg5o/KaBGehJlM4r/OOmUThdTliv4mMd/nTNcF/jt2uSd XfJ9LcbsOZk50Ig6vRaR5YvvZLoP3Lhm+4TLImq1ZOhVOIqKHNHNhouW7srNzYz0gcZo kRYS72OT+QJv6JNK1XPrlznn18CtUJ+QjjO1JN2E1Ok2ovgnCzKJp/qkd4F9K8PiDc8j 8pZLey8uu0R7B39RpdLZSJAjMjP52smJqiu5ZcXnM5hNkhqV5WRWB3ZbPNg3KzyQIHgI QIow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:message-id:date:mime-version:user-agent :subject:content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=e9R0/5E+or6gRSRBncdm3a24Lk1Q7EkNonhTYMrbcrI=; b=OjHY/linauE2tGxp+nC6R1qU5kJRKUrjiVYQL5yCawWxhrkeJMWm//YJ+pXNGmHJWq xfYduLRt3qwTj6nCNFPVepzNVl58UmTAYTjYx7I9qaGfi8o3UjnlHC/8eiOjJv4wXTEV Xay0D+qVLAsTtZ9dXd1N/43YyYRlBctG+Yw6XbwWCcfCsd6ktbGpQp5IUjF9m8YdICWM +MmtPIz5UApV7D1D+5tc5F+xHpSxvJ3LAJZ6UdvBcT8+HWvfydvT0z/uODuwoZDTX0iM 0NIIzikJkWeqj/+ekP/d2zNRl4pxOd8fN9EVnb6Jo4t0WmA4qUVTavJxkax0Q9BmZ86a 43ow== X-Gm-Message-State: AJIora+duw9Y7j5DSsFVB4nFqI+TjHZytiIs8ePlDOYXFi4O+lun0JZv YrrfgE5Zhzp+gZA9sP3jnIU= X-Google-Smtp-Source: AGRyM1sIESggh/awFnlhGd80bqmKSw7Y0uuKcEXPYM6h4bJqqvopg5OWj9LVairvnitQELeqx7KeeQ== X-Received: by 2002:adf:efd1:0:b0:21d:6731:221e with SMTP id i17-20020adfefd1000000b0021d6731221emr97793wrp.404.1657662780269; Tue, 12 Jul 2022 14:53:00 -0700 (PDT) Received: from [192.168.1.9] (95-44-90-175-dynamic.agg2.lod.rsl-rtd.eircom.net. [95.44.90.175]) by smtp.googlemail.com with ESMTPSA id g20-20020a05600c4ed400b003a2cfb9f5basm192283wmq.16.2022.07.12.14.52.58 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 12 Jul 2022 14:52:59 -0700 (PDT) Message-ID: <942157ab-d8de-b2a9-b536-fe155ba76d43@draigBrady.com> Date: Tue, 12 Jul 2022 22:52:58 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Thunderbird/98.0 Subject: Re: bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9 Content-Language: en-US To: Meirav Rath , 56520@debbugs.gnu.org References: From: =?UTF-8?Q?P=c3=a1draig_Brady?= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 56520 Cc: Gadi Friedman , Ariel Bressler X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.5 (/) On 12/07/2022 13:43, Meirav Rath via GNU coreutils Bug Reports wrote: > Hello, > > My name is Meirav Rath, I'm a software developer and security champion at Imperva. > As part of our effort to map security risks in our products I've been scanning our 3rd party rpms for vulnerabilities. It looks like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018. > > When can we expect an updated RPM of a more advanced version with fixes for this issues, aimed for CentOS7.9? This was previously discussed at: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html With corresponding doc patch at: https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=bc2fd9796 cheers, Pádraig From debbugs-submit-bounces@debbugs.gnu.org Wed Jul 13 07:53:51 2022 Received: (at 56520) by debbugs.gnu.org; 13 Jul 2022 11:53:51 +0000 Received: from localhost ([127.0.0.1]:44757 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBawA-0004X9-B0 for submit@debbugs.gnu.org; Wed, 13 Jul 2022 07:53:50 -0400 Received: from mail-mw2nam10on2132.outbound.protection.outlook.com ([40.107.94.132]:8225 helo=NAM10-MW2-obe.outbound.protection.outlook.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBYNn-0007vS-QL for 56520@debbugs.gnu.org; Wed, 13 Jul 2022 05:10:13 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Nm6Etc8X+d33ithhSzAshdiJvnxZC//scNIUMCgoqIhq99jAXraVCem9Qr+lMvio7xRUmqXUwlPnM6FcFQL0QYUEyXDfpl6gDMnyCDNXzbRhfSjs1hQ1BXI2TZCk/eO70Iu273XXJss49EE7UDD4OEtfY8NTkJvSPv0Pn8FmKKiK440oOO8CgPD4ix809qtUOWcttpjmP54SI60zyMQotn/vC+lpJXXrpAa3RMBFisEJ4VfY4o6l4xhQczyLJr7kkTdgdayTpa72nBw7gpa3KGvyaMhb9fFdq2yk+KO3EvYiMCGNNwZtvYWPgvKPrmwZHlE22XVculzrfFQxj54yEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=glW2jzOXkVprMz0Nq1B3OrA7U65VtE9wZnnirHvC7UA=; b=RRCH4q8SZiL4SJaL5aP3hS6Gptg2BXAE02ZL4GM1rXQqjHzf3BeuxLVddMpxGAlHytWhm6+4SDjW1nwk7CDnnKEmaoVqBF4F5PWUa7ZNVGRo7xRTu0tpSm+Y7KLVNsmAIrqphuTtg605kPV6RTG0juOroENgH8ucp+zs98PGKVLHfz+CZ1raQ1wSVpSNF5waiu4kCwLBP2nw3JD1PKBAi841Dtfo32+0jYoIkiSTfug813wVdc6V9xV2Fy1KfxEIm3rj0vJZg4P+2Rklj9MEkhOrXotGM9OavgeJuQOm94SO8sJBXm7xctPzVbestmPwK32mMliXRLweAFESgcF3tg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=imperva.com; dmarc=pass action=none header.from=imperva.com; dkim=pass header.d=imperva.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=imperva.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=glW2jzOXkVprMz0Nq1B3OrA7U65VtE9wZnnirHvC7UA=; b=ahLwzxdFbN/mow6JWhtWL2x0WprQAtv+AmcQvSQYPlaFfAfs/zkZ+OJbcslki0dZpnBwAVRsIsQ91S2RYIDzuq2+8ZAqzWKnfho7lfeDNdV9QQ3nilcm3wrVATEmuzukvjcXvIf2Pp+pW15OqMEZV/0ajy/RoK2ErDnUoxuNw2A= Received: from MW4PR06MB8233.namprd06.prod.outlook.com (2603:10b6:303:124::11) by SN6PR06MB5343.namprd06.prod.outlook.com (2603:10b6:805:104::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.23; Wed, 13 Jul 2022 09:10:03 +0000 Received: from MW4PR06MB8233.namprd06.prod.outlook.com ([fe80::c961:2a33:b52b:6fa0]) by MW4PR06MB8233.namprd06.prod.outlook.com ([fe80::c961:2a33:b52b:6fa0%4]) with mapi id 15.20.5395.019; Wed, 13 Jul 2022 09:10:03 +0000 From: Meirav Rath To: =?utf-8?B?UMOhZHJhaWcgQnJhZHk=?= , "56520@debbugs.gnu.org" <56520@debbugs.gnu.org> Subject: RE: bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9 Thread-Topic: bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9 Thread-Index: AdiV7JZgrLfF8bUdRvWDJvi4GyIH9gATSlEAABee7bA= Date: Wed, 13 Jul 2022 09:10:03 +0000 Message-ID: References: <942157ab-d8de-b2a9-b536-fe155ba76d43@draigBrady.com> In-Reply-To: <942157ab-d8de-b2a9-b536-fe155ba76d43@draigBrady.com> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=imperva.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: d518d9f5-10cc-4d82-5106-08da64af78c8 x-ms-traffictypediagnostic: SN6PR06MB5343:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: LaRNufyL1UA5BjJvs5+JfN+R+xuqGTkC2TeI6KG6i8U1MlcLbQevtDuA/VzGDB3Scmuqp+AZy3uKIjBn2k6BlJv1qqIue8THznSdijtiUamxgM6c4zEhF8I4MBMeze5J6Shs/aUJ2zzzt/1FJgB0rTS6qzgavtJFTl61qrJ4ntVPaiROqAmioeL4x0Pg9gF95kiFFTXEU/ii9aoTWwc6cP/P5dOAUBJ3pvyNjSFBogqJwlYgoLo58onl55/xA/LhpD7O5Prsm5iEstEX2R2yFHUxUb9CsFGJ6k62cJvLJrXkF0JFQulExxCO0dsW1CzBfIfgKX+U8jk1ZfSdjpHfMmZDoXRYw0irXCkcfHKPgUrFlCMMgbgIs44ypZHkGFE9/Dxw80Ggv5JrCQ+0Nm+ZjpPEMmAOThi9ldFepwjIl7aihIIIkMBLKE8Q8ENWne2iMQADh54HZLvAB+N8JqX6o9uZBM90sRMYJO7f2L6TITg56fTahZIhAj+ZmQUml0FTc2E/GKxR1wGx3jJKkRJLJVJBmaqYdYcrXP2PAmbF78wkGZxfhX303CB2l7ev1cONWFlg0brWCMypnCUZ4iEceBWP9qH1kWwcMK5Ya3V5RlLdzTtDWARymQZcb5mZlcFsitPuMYhyUcbJxYq2LttgWvcFaHvJ6xD3xn/e3WU8+0ka+CAAEc0saEY1boElzI2UUA/sXsTxY7iM36NCGR0loIahjw9ySm5U5L7KEtFVr7u7F7gKoP5DBE/uNSxce4Wg5SrZrtSLIsxwKU19IQo5qgMNNhSCXRqpPNKtqah3kNxDOl8fuyr31kxXlRl2Wy+BL+NzcFd7EKTCU2B1W9yFClWb7MF4me43knWA7Tzwm3UDyjUAQcesWcah3BHliI7B x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW4PR06MB8233.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(39860400002)(376002)(396003)(346002)(366004)(136003)(66574015)(122000001)(4326008)(186003)(478600001)(107886003)(26005)(41300700001)(6506007)(38100700002)(53546011)(7696005)(38070700005)(66476007)(83380400001)(33656002)(2906002)(5660300002)(9686003)(44832011)(55016003)(71200400001)(15650500001)(76116006)(66556008)(52536014)(110136005)(66446008)(54906003)(45080400002)(86362001)(966005)(316002)(64756008)(8676002)(66946007)(8936002)(781001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?OVF4RVlzNVNHMnA1K1F2OXpOOWU3d04wMUhiZDNHbGtlZUlSZXUzRTloQnV0?= =?utf-8?B?c3psRzdIMnBNa0NoU0YxT0U1RFpzT2ViSEc3bFVDR0FCUEhWTEtGc1RycW5S?= =?utf-8?B?RUNOSGlybFdidUxhTW5tL1VTTWhIZ2cySEtqazJDVnBvUmxxeXMraGVQVnlZ?= =?utf-8?B?UHpnWlc4ZHN4OVE2UjRDU3BsY2k3aWpaZzJIQzVXd3VIZGVTMFdSTUt0RW5E?= =?utf-8?B?b1orLzA3SE51R0ovYkNRNjN5Wkl4bDA1V2FiSXFlVXVlS3VpejA1QjNDdjZz?= =?utf-8?B?MW1nbzRJWGdHYWZYRDcrVGk5RkV1R1hsei9nZnN4Y3RJdUIvMHZoOEVJZnpH?= =?utf-8?B?dVpTbmt5MlRDeHRoY3dnNXJXSHBmT1pqVkdLQXRuY2ZSVFh5bWx0cGVaRlN5?= =?utf-8?B?Q0h1ZFFpVjNqUlQ2bURiMkwvbnRhZm9vNzRnL2JsdllUdzdHNWlsUWJhODk3?= =?utf-8?B?UlAzZkIreDRyeTEvWlZOL1pteTB5YVcxa1lKVWdqQVJQbllXbEJLY1NHRnVR?= =?utf-8?B?SjY3eXA5eEVHWjVUT2s4SFJlQjZYMk9INXhSWXZTdGw5UEVjV2JiOG9IdFpX?= =?utf-8?B?MFVMNXpoZ2NzTktRMnkxUVFUZ1d2OVhaaVM2R3VKTlBRekZSVzhFY1l1T3B0?= =?utf-8?B?VmdOdWxiMVora3pXWHVvWUV4d1hTRFhlRExKWVhkMEk3NXFYdWthNkVIK3Uv?= =?utf-8?B?ek5wL2I0ZllNUzF3akNpODE5QjI2MmFEbUF6dUoyNFRxUWU3Y1RVSEtmc3pX?= =?utf-8?B?UjBLOUFIdWZ4ajVxTVJXRlZzUFNsMnFFZkdOc0tOK09GWnBQd00rVmRBMTU3?= =?utf-8?B?YStxa0hTSXh1a3FmTUhmNENWaTNmMndER0lHQ3BFMzdlL3pKd3lZSDdTaFN0?= =?utf-8?B?TXVZVWFzRXZWQ3cwellpU3lFQlZjcjFsRVBld1dmR1VlOFo5MTBib2hNTkZv?= =?utf-8?B?MWFrZUV0WVdiN0lneThZeFhGd0w3Y1FxRndHSVd6QURXcGh0UzZlMmtkd2xG?= =?utf-8?B?MXhBSGp5OFFldVFEaGlDL0tkQVNtOHpsN3k1ZUZhL09QUE1SMHpCLzNjU2I3?= =?utf-8?B?bStQek9LZjdlbmFXYkt4dlZoM0NzQ0tHTFRseG1wOW1WWERKWnFFNkxTRnZw?= =?utf-8?B?azhQcGEwNDkxbnQ5TTRCUDMvSFhLdFgrQTdqNzAybnVyUG83MTJ3K1NhTy9V?= =?utf-8?B?dzVQcEZPYjRxN0lKVkNWMm13bzVNM1lmWk5PRzFhUG5zRlcydkJUMTNlZnFG?= =?utf-8?B?bHlJY0V1cHdkQ3VHdWJCNjZZTWluMkxmQlpMWHI3aHhLZFBIRkxFL0NCWFZX?= =?utf-8?B?ZTErQVZMODlZZHFJcjdUcG56aktVdklHNlZUeTVLTG5DRDJQMERtM1YwelZF?= =?utf-8?B?cjBTV0JnTDR2R01kY3JoR2R6ZVJ3TXlTQlc3RHdmMGt2MlYrYmhkMXZEUXht?= =?utf-8?B?MXlLK1VVQmM0WnhTbDlSVFZMVjM5QUdIQklJa0s0WnlUam1iajlpbVhlekEr?= =?utf-8?B?REk0MVRKdEVuUkttV0pDa3FnZUVDcnNaZ3hxSmZhYjlxYUovc0RnMXpVWFVK?= =?utf-8?B?MjB5cHp1d1dWeldkRFY2SXFWYS9Ndk9jUk11dlBBZFFCY3VoWDl2MVhlb1U0?= =?utf-8?B?eUZsenJGYWw3UWZhRHZEa3lhelcvOWdNbTRJVU1iNnJwVDVoVmNLak5Od1Bo?= =?utf-8?B?cStRaFhhbDRsWGRSR0VuQjZuNUtObjlCTHk1eG1nYlVlNmUwUDk4V0dBa0pG?= =?utf-8?B?Rkl0THlzSDdkT1pqaFhWRmpqUkdkMzdtazF2blRsL1o0SndxWVVhL0NrdEJu?= =?utf-8?B?QkJVeE9sS2tIZWV3K3M5RG8yT291ZEtSczVXcTB0M2EvZ1phVGZKTFdQSGpX?= =?utf-8?B?LzJXK25wQTk5d3FCNFFadDFqa3VEUmhRazRrYm03aUZvQ3NIMk9UWU5hZEdR?= =?utf-8?B?aEJvZHlmZ1JId1BqUDZ0RkU1RnFRSXBSQmR4ZlZRdnZhZlM1RXdGODJyRjU0?= =?utf-8?B?bnhJNytvUDF2TG1aa1VvRmlHL3p3NTFsNGNrMzRXQm5jYlhCVFFCQ0thR3Yv?= =?utf-8?B?eE1jRXpCZi9oVUVXa0VteVZINGtWRjZNSitpTGZKYUlLM1EyZUQvaU03S1Rm?= =?utf-8?Q?epA1as7Wx86AJwpjcqliPJAEe?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: imperva.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR06MB8233.namprd06.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d518d9f5-10cc-4d82-5106-08da64af78c8 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2022 09:10:03.4481 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bd878493-8917-4c2b-9a2e-f80e639f649a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Xg9pnqEQM19QUDFpciMq1hVeBbYZtEyR5sAYUwPUlmg8IKcwkYR8tNplUl3NQoJC8t/BdWWI8yZY9Y5iARByEw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR06MB5343 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 56520 X-Mailman-Approved-At: Wed, 13 Jul 2022 07:53:48 -0400 Cc: Gadi Friedman , Ariel Bressler X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) SGkgUMOhZHJhaWcsDQoNClRoYW5rIHlvdSwgSSB3aWxsIGRpc2N1c3MgdGhpcyBmdXJ0aGVyIHdp dGggQ2VudE9TLg0KDQpDaGVlcnMsDQpNZWlyYXYuDQoNCg0KDQoNCk1laXJhdiBSYXRoIHwgU1cg RW5naW5lZXIgJiBEQiBSZXNlYXJjaGVyIHwgRGF0YSBDb250cm9sIHRlYW0NCm1laXJhdi5yYXRo QGltcGVydmEuY29tIHwgbzogKzk3MiAzLTY4NC0xNjY1IHwgbTogKzk3MiA1NC01OTMtMTU1MQ0K aW1wZXJ2YS5jb20gfCBmYWNlYm9vayB8IGxpbmtlZGluIHwgdHdpdHRlcg0KDQotLS0tLU9yaWdp bmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogUMOhZHJhaWcgQnJhZHkgPHBpeGVsYmVhdEBnbWFpbC5j b20+IE9uIEJlaGFsZiBPZiBQw6FkcmFpZyBCcmFkeQ0KU2VudDogV2VkbmVzZGF5LCBKdWx5IDEz LCAyMDIyIDEyOjUzIEFNDQpUbzogTWVpcmF2IFJhdGggPG1laXJhdi5yYXRoQGltcGVydmEuY29t PjsgNTY1MjBAZGViYnVncy5nbnUub3JnDQpDYzogR2FkaSBGcmllZG1hbiA8Z2FkaS5mcmllZG1h bkBpbXBlcnZhLmNvbT47IEFyaWVsIEJyZXNzbGVyIDxhcmllbC5icmVzc2xlckBpbXBlcnZhLmNv bT4NClN1YmplY3Q6IFJlOiBidWcjNTY1MjA6IFNlY3VyaXR5IHZ1bG5lcmFiaWxpdGllcyBhdCBj b3JldXRpbHMgdmVyc2lvbiBmb3IgQ2VudE9TIDcuOQ0KDQpDQVVUSU9OOiBUaGlzIG1lc3NhZ2Ug d2FzIHNlbnQgZnJvbSBvdXRzaWRlIHRoZSBjb21wYW55LiBEbyBub3QgY2xpY2sgbGlua3Mgb3Ig b3BlbiBhdHRhY2htZW50cyB1bmxlc3MgeW91IHJlY29nbml6ZSB0aGUgc2VuZGVyIGFuZCBrbm93 IHRoZSBjb250ZW50IGlzIHNhZmUuDQoNCg0KT24gMTIvMDcvMjAyMiAxMzo0MywgTWVpcmF2IFJh dGggdmlhIEdOVSBjb3JldXRpbHMgQnVnIFJlcG9ydHMgd3JvdGU6DQo+IEhlbGxvLA0KPg0KPiBN eSBuYW1lIGlzIE1laXJhdiBSYXRoLCBJJ20gYSBzb2Z0d2FyZSBkZXZlbG9wZXIgYW5kIHNlY3Vy aXR5IGNoYW1waW9uIGF0IEltcGVydmEuDQo+IEFzIHBhcnQgb2Ygb3VyIGVmZm9ydCB0byBtYXAg c2VjdXJpdHkgcmlza3MgaW4gb3VyIHByb2R1Y3RzIEkndmUgYmVlbiBzY2FubmluZyBvdXIgM3Jk IHBhcnR5IHJwbXMgZm9yIHZ1bG5lcmFiaWxpdGllcy4gSXQgbG9va3MgbGlrZSBjb3JldXRpbHMg YXZhaWxhYmxlIHJwbSBmb3IgQ2VudE9TIDcuOSAoOC4yMikgaGFzIHRoZSB2dWxuZXJhYmlsaXR5 IENWRS0yMDE3LTE4MDE4PGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDE3 LTE4MDE4Pi4NCj4NCj4gV2hlbiBjYW4gd2UgZXhwZWN0IGFuIHVwZGF0ZWQgUlBNIG9mIGEgbW9y ZSBhZHZhbmNlZCB2ZXJzaW9uIHdpdGggZml4ZXMgZm9yIHRoaXMgaXNzdWVzLCBhaW1lZCBmb3Ig Q2VudE9TNy45Pw0KDQpUaGlzIHdhcyBwcmV2aW91c2x5IGRpc2N1c3NlZCBhdDoNCmh0dHBzOi8v bGlzdHMuZ251Lm9yZy9hcmNoaXZlL2h0bWwvY29yZXV0aWxzLzIwMTctMTIvbXNnMDAwNDUuaHRt bA0KV2l0aCBjb3JyZXNwb25kaW5nIGRvYyBwYXRjaCBhdDoNCmh0dHBzOi8vZ2l0LnN2LmdudS5v cmcvZ2l0d2ViLz9wPWNvcmV1dGlscy5naXQ7YT1jb21taXRkaWZmO2g9YmMyZmQ5Nzk2DQoNCmNo ZWVycywNClDDoWRyYWlnDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tDQpUaGlzIG1lc3NhZ2UgaXMgY29uZmlkZW50aWFsLiBJZiB5b3UgYmVsaWV2ZSB5b3UgcmVj ZWl2ZWQgdGhpcyBtZXNzYWdlIGluIGVycm9yLCBwbGVhc2UgaW5mb3JtIHRoZSBzZW5kZXIgYW5k IGRlbGV0ZSB0aGlzIG1lc3NhZ2UgYW5kIGFsbCBhdHRhY2htZW50cy4NCg== From unknown Fri Jun 20 07:22:57 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 11 Aug 2022 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator