Date: Mon, 6 Oct 2014 08:40:07 +0200
From: Rainer Gerhards <rgerhards@...adiscon.com>
To: Sven Kieske <s.kieske@...twald.de>
Cc: oss-security@...ts.openwall.com
Subject: Re: vulnerability in rsyslog

2014-10-06 8:31 GMT+02:00 Sven Kieske <s.kieske@...twald.de>:

> On 30/09/14 18:41, Rainer Gerhards wrote:
> > 2014-09-30 18:28 GMT+02:00 Solar Designer <solar@...nwall.com>:
> >
> >> On Tue, Sep 30, 2014 at 01:55:12PM +0200, Sven Kieske wrote:
> >>> I don't understand the following statement in the
> >>> pri-vuln.txt in section "Patches":
> >>>
> >>> "Version 7.4.6, while no longer being project
> >>> supported received a patch and is also not vulnerable."
> >>>
> >>> What was patched when this version is not vulnerable?
> >>> Or do you mean it is not vulnerable after the patch got applied?
> >>
> > My apologies, this is a typo that skipped past all proof-reading. It should
> > say "7.6.6", which is the v7 version released today. v7.4.x is not only
> > non-project supported, it's also heavily outdated and missing many other
> > patches as well (just to point this out).
>
> This still does not answer the above questions, it just changes the
> version number in your statement which led to my question.
>

You can view the complete patch set here:
https://github.com/rsyslog/rsyslog/commits/v7-stable

Rainer