Hi Pádraig,

Thank you, I will discuss this further with CentOS.

Cheers,
Meirav.

Meirav Rath | SW Engineer & DB Researcher | Data Control team
meirav.r...@imperva.com | o: +972 3-684-1665 | m: +972 54-593-1551

-----Original Message-----
From: Pádraig Brady <pixelb...@gmail.com> On Behalf Of Pádraig Brady
Sent: Wednesday, July 13, 2022 12:53 AM
To: Meirav Rath <meirav.r...@imperva.com>; 56...@debbugs.gnu.org
Cc: Gadi Friedman <gadi.fried...@imperva.com>; Ariel Bressler <ariel.bress...@imperva.com>
Subject: Re: bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9

On 12/07/2022 13:43, Meirav Rath via GNU coreutils Bug Reports wrote:
> Hello,
>
> My name is Meirav Rath, I'm a software developer and security champion at
> Imperva.
> As part of our effort to map security risks in our products I've been
> scanning our 3rd party rpms for vulnerabilities. It looks like coreutils
> available rpm for CentOS 7.9 (8.22) has the vulnerability
> CVE-2017-18018<https://nvd.nist.gov/vuln/detail/CVE-2017-18018>.
>
> When can we expect an updated RPM of a more advanced version with fixes for
> this issue, aimed for CentOS 7.9?

This was previously discussed at:
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html

With corresponding doc patch at:
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=bc2fd9796

cheers,
Pádraig