Hi Sam, On Tue, Apr 17, 2018 at 02:18:26PM +1000, Sam Fowler wrote: > On 17/04/18 06:40, Salvatore Bonaccorso wrote: > > Hi Sam, > > > > On Mon, Apr 09, 2018 at 10:19:34AM +1000, Sam Fowler wrote: > >> On Wed, 14 Mar 2018 16:22:19 +0100 Ole Streicher <oleb...@debian.org> > >> wrote: > >>> FYI > >>> > >>> > >>> -------- Forwarded Message -------- > >>> Subject: [Debian-astro-maintainers] ftools update > >>> Date: Wed, 14 Mar 2018 10:42:25 -0400 > >>> From: Michael Arida <michael.ar...@nasa.gov> > >>> To: debian-astro-maintain...@lists.alioth.debian.org > >>> > >>> > >>> Dear Debian Astro Maintainers, > >>> > >>> As you may have noticed CFITSIO was updated Friday (March 2) for a > >>> major bug fix. Since you have a software bundle that uses what we > >>> assume is CFITSIO somewhere under the hood, we wanted to let you know > >>> that you should update that code. We are also expecting another > >>> update in April. > >>> > >>> If you have any questions or concerns, feel free to contact me. > >>> > >>> Regards, > >>> Mike Arida > >>> ____________________________________________________________ > >>> Michael Arida (ADNET) ASD/HEASARC > >>> 301.286.2291/1215 (voice/fax) Code 660, NASA/GSFC > >>> michael.ar...@nasa.gov Greenbelt, MD 20771 > >>> > >>> _______________________________________________ > >>> Debian-astro-maintainers mailing list > >>> debian-astro-maintain...@lists.alioth.debian.org > >>> https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers > >> > >> This has been assigned has been assigned CVE-2018-1000166. > > > > Looking at > > https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 > > https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529 > > it looks for those issues already CVE-2018-3848, CVE-2018-3849 and > > CVE-2018-3846 were assigned and CVE-2018-1000166 is duplicate. Can you > > confirm? And if so ask for rejection of CVE-2018-1000166? > > > > Regards, > > Salvatore > > Hi Salvatore, > > Looks like you are correct. I've request a rejection of CVE-2018-1000166 > from DWF in favour of CVE-2018-3846. I've filed separate RH bugs for > CVE-2018-3848 and CVE-2018-3849. > > Thanks for the heads up,
Thanks a lot for confirming that quickly. I have removed as well any CVE-2018-1000166 from our security-tracker now as well. Regards, Salvatore