OpenCSW Bug Tracker


ID: 0004769
Category: [findutils] upgrade
Severity: major
Reproducibility: always
Date Submitted: 2011-05-14 14:50
Last Update: 2012-12-18 00:07
Reporter: jay
View Status: public
Assigned To: bwalton
Priority: normal
Resolution: won't fix
Status: closed
Summary: 0004769: Current stable release is vulnerable to CVE-2007-2452
Description: GNU Findutils release 4.2.31 fixes CVE-2007-2452 but stable is 4.2.30, and so it's vulnerable.
Additional Information: See http://lists.gnu.org/archive/html/bug-findutils/2007-06/msg00000.html
Notes
(0009051)
bwalton (administrator)
2011-05-15 15:31

Hi Jay,

At this point, I'd advise updating to current. It contains 4.4.2 (among other things). Stable is over 3 years old now.

Thanks
-Ben
(0009055)
jay (reporter)
2011-05-15 18:10

Actually I'm not running either current or stable, I'm the upstream maintainer. But having a "stable" release with a potential local root exploit isn't a good idea.
(0009057)
bwalton (administrator)
2011-05-16 14:54

Ok. We'll do our best. Stable has sort of become a place of bit rot as time has progressed. Nobody uses it (e.g., no maintainers), which makes building updated packages difficult. Releasing updates to it has proved difficult in the past as well... I've asked if anyone has a 'stable' setup that we could use to build the update.

Thanks
-Ben
(0010245)
bwalton (administrator)
2012-12-18 00:07

It was a long time coming but the stable release was just deprecated.

(Small world, btw.)

