Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Oct 2014 08:40:07 +0200
From: Rainer Gerhards <rgerhards@...adiscon.com>
To: Sven Kieske <s.kieske@...twald.de>
Cc: oss-security@...ts.openwall.com
Subject: Re: vulnerability in rsyslog

2014-10-06 8:31 GMT+02:00 Sven Kieske <s.kieske@...twald.de>:

>
>
> On 30/09/14 18:41, Rainer Gerhards wrote:
> > 2014-09-30 18:28 GMT+02:00 Solar Designer <solar@...nwall.com>:
> >
> >> On Tue, Sep 30, 2014 at 01:55:12PM +0200, Sven Kieske wrote:
> >>> I don't understand the following statement in the
> >>> pri-vuln.txt in section "Patches":
> >>>
> >>> "Version 7.4.6, while no longer being project
> >>> supported received a patch and is also not vulnerable."
> >>>
> >>> What was patched when this version is not vulnerable?
> >>> Or do you mean it is not vulnerable after the patch got applied?
> >>
> >>
> > My apologies, this is a type that skipped past all proof-reading. It
> should
> > say "7.6.6", which is the v7 version released today. v7.4.x is not only
> > non-project supported, it's also heavily outdated and missing many other
> > patches as well (just to point this out).
>
> This still does not answer the above questions, it just changes the
> version number in your statement which led to my question.
>
>
you can view the complete patch set here:

https://github.com/rsyslog/rsyslog/commits/v7-stable

Rainer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ