GNU bug report logs - #56520
Security vulnerabilities at coreutils version for CentOS 7.9

Previous Next

Package: coreutils;

Reported by: Meirav Rath <meirav.rath <at> imperva.com>

Date: Tue, 12 Jul 2022 15:28:03 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 56520 <at> debbugs.gnu.org (full text, mbox):

From: Pádraig Brady <P <at> draigBrady.com>
To: Meirav Rath <meirav.rath <at> imperva.com>, 56520 <at> debbugs.gnu.org
Cc: Gadi Friedman <gadi.friedman <at> imperva.com>,
 Ariel Bressler <ariel.bressler <at> imperva.com>
Subject: Re: bug#56520: Security vulnerabilities at coreutils version for
 CentOS 7.9
Date: Tue, 12 Jul 2022 22:52:58 +0100

On 12/07/2022 13:43, Meirav Rath via GNU coreutils Bug Reports wrote:
> Hello,
> 
> My name is Meirav Rath, I'm a software developer and security champion at Imperva.
> As part of our effort to map security risks in our products I've been scanning our 3rd party rpms for vulnerabilities. It looks like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018<https://nvd.nist.gov/vuln/detail/CVE-2017-18018>.
> 
> When can we expect an updated RPM of a more advanced version with fixes for this issues, aimed for CentOS7.9?

This was previously discussed at:
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
With corresponding doc patch at:
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=bc2fd9796

cheers,
Pádraig

This bug report was last modified 2 years and 312 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #56520 Security vulnerabilities at coreutils version for CentOS 7.9

GNU bug report logs - #56520
Security vulnerabilities at coreutils version for CentOS 7.9