GNU bug report logs - #56520
Security vulnerabilities at coreutils version for CentOS 7.9

Previous Next

Package: coreutils;

Reported by: Meirav Rath <meirav.rath <at> imperva.com>

Date: Tue, 12 Jul 2022 15:28:03 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#56520: closed (Security vulnerabilities at coreutils version
 for CentOS 7.9)
Date: Tue, 12 Jul 2022 15:46:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 12 Jul 2022 08:45:04 -0700
with message-id <d45ddac4-6d4f-6c11-2e87-74583fcd9518 <at> cs.ucla.edu>
and subject line Re: bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9
has caused the debbugs.gnu.org bug report #56520,
regarding Security vulnerabilities at coreutils version for CentOS 7.9
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
56520: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56520
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Meirav Rath <meirav.rath <at> imperva.com>
To: "bug-coreutils <at> gnu.org" <bug-coreutils <at> gnu.org>
Cc: Gadi Friedman <gadi.friedman <at> imperva.com>,
 Ariel Bressler <ariel.bressler <at> imperva.com>
Subject: Security vulnerabilities at coreutils version for CentOS 7.9
Date: Tue, 12 Jul 2022 12:43:01 +0000

[Message part 3 (text/plain, inline)]
Hello,

My name is Meirav Rath, I'm a software developer and security champion at Imperva.
As part of our effort to map security risks in our products I've been scanning our 3rd party rpms for vulnerabilities. It looks like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018<https://nvd.nist.gov/vuln/detail/CVE-2017-18018>.

When can we expect an updated RPM of a more advanced version with fixes for this issues, aimed for CentOS7.9?

Thanks.



[cid:image001.png <at> 01D89606.0E772890]

Meirav Rath | SW Engineer & DB Researcher | Data Control team
meirav.rath <at> imperva.com | o: +972 3-684-1665 | m: +972 54-593-1551
imperva.com<https://imperva.com/> | facebook<https://www.facebook.com/imperva> | linkedin<https://www.linkedin.com/company/imperva> | twitter<https://twitter.com/imperva>

-------------------------------------------
This message is confidential. If you believe you received this message in error, please inform the sender and delete this message and all attachments.

[Message part 4 (text/html, inline)]
[image001.png (image/png, inline)]
[Message part 6 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Meirav Rath <meirav.rath <at> imperva.com>
Cc: 56520-done <at> debbugs.gnu.org, Gadi Friedman <gadi.friedman <at> imperva.com>,
 Ariel Bressler <ariel.bressler <at> imperva.com>
Subject: Re: bug#56520: Security vulnerabilities at coreutils version for
 CentOS 7.9
Date: Tue, 12 Jul 2022 08:45:04 -0700

On 7/12/22 05:43, Meirav Rath via GNU coreutils Bug Reports wrote:
> It looks like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability CVE-2017-18018<https://nvd.nist.gov/vuln/detail/CVE-2017-18018>.
> 
> When can we expect an updated RPM of a more advanced version with fixes for this issues, aimed for CentOS7.9?

CentOS is downstream from the Coreutils project, so I suggest asking the 
CentOS maintainers instead of this mailing list.
This bug report was last modified 2 years and 312 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.