bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9

[Meirav Rath via GNU coreutils Bug Reports]

Hi Pádraig,

Thank you, I will discuss this further with CentOS.

Cheers,
Meirav.




Meirav Rath | SW Engineer & DB Researcher | Data Control team
meirav.r...@imperva.com | o: +972 3-684-1665 | m: +972 54-593-1551
imperva.com | facebook | linkedin | twitter

-Original Message-
From: Pádraig Brady  On Behalf Of Pádraig Brady
Sent: Wednesday, July 13, 2022 12:53 AM
To: Meirav Rath ; 56...@debbugs.gnu.org
Cc: Gadi Friedman ; Ariel Bressler 

Subject: Re: bug#56520: Security vulnerabilities at coreutils version for 
CentOS 7.9

CAUTION: This message was sent from outside the company. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.


On 12/07/2022 13:43, Meirav Rath via GNU coreutils Bug Reports wrote:
> Hello,
>
> My name is Meirav Rath, I'm a software developer and security champion at 
> Imperva.
> As part of our effort to map security risks in our products I've been 
> scanning our 3rd party rpms for vulnerabilities. It looks like coreutils 
> available rpm for CentOS 7.9 (8.22) has the vulnerability 
> CVE-2017-18018<https://nvd.nist.gov/vuln/detail/CVE-2017-18018>.
>
> When can we expect an updated RPM of a more advanced version with fixes for 
> this issues, aimed for CentOS7.9?

This was previously discussed at:
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
With corresponding doc patch at:
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=bc2fd9796

cheers,
Pádraig
---
This message is confidential. If you believe you received this message in 
error, please inform the sender and delete this message and all attachments.

bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9

[Pádraig Brady]

On 12/07/2022 13:43, Meirav Rath via GNU coreutils Bug Reports wrote:

Hello,

My name is Meirav Rath, I'm a software developer and security champion at 
Imperva.
As part of our effort to map security risks in our products I've been scanning our 
3rd party rpms for vulnerabilities. It looks like coreutils available rpm for CentOS 
7.9 (8.22) has the vulnerability 
CVE-2017-18018.

When can we expect an updated RPM of a more advanced version with fixes for 
this issues, aimed for CentOS7.9?


This was previously discussed at:
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
With corresponding doc patch at:
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=bc2fd9796

cheers,
Pádraig

bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9

[Paul Eggert]

On 7/12/22 05:43, Meirav Rath via GNU coreutils Bug Reports wrote:

It looks like coreutils available rpm for CentOS 7.9 (8.22) has the vulnerability 
CVE-2017-18018.

When can we expect an updated RPM of a more advanced version with fixes for 
this issues, aimed for CentOS7.9?


CentOS is downstream from the Coreutils project, so I suggest asking the 
CentOS maintainers instead of this mailing list.

bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9

[Meirav Rath via GNU coreutils Bug Reports]

Hello,

My name is Meirav Rath, I'm a software developer and security champion at 
Imperva.
As part of our effort to map security risks in our products I've been scanning 
our 3rd party rpms for vulnerabilities. It looks like coreutils available rpm 
for CentOS 7.9 (8.22) has the vulnerability 
CVE-2017-18018.

When can we expect an updated RPM of a more advanced version with fixes for 
this issues, aimed for CentOS7.9?

Thanks.



[cid:image001.png@01D89606.0E772890]

Meirav Rath | SW Engineer & DB Researcher | Data Control team
meirav.r...@imperva.com | o: +972 3-684-1665 | m: +972 54-593-1551
imperva.com | facebook 
| linkedin | 
twitter

---
This message is confidential. If you believe you received this message in 
error, please inform the sender and delete this message and all attachments.