Date: Mon, 6 Oct 2014 09:12:49 +0200 From: Sven Kieske <s.kieske@...twald.de> To: Rainer Gerhards <rgerhards@...adiscon.com> CC: <oss-security@...ts.openwall.com> Subject: Re: vulnerability in rsyslog On 06/10/14 08:40, Rainer Gerhards wrote: > 2014-10-06 8:31 GMT+02:00 Sven Kieske <s.kieske@...twald.de>: > >> >> >> On 30/09/14 18:41, Rainer Gerhards wrote: >>> 2014-09-30 18:28 GMT+02:00 Solar Designer <solar@...nwall.com>: >>> >>>> On Tue, Sep 30, 2014 at 01:55:12PM +0200, Sven Kieske wrote: >>>>> I don't understand the following statement in the >>>>> pri-vuln.txt in section "Patches": >>>>> >>>>> "Version 7.4.6, while no longer being project >>>>> supported received a patch and is also not vulnerable." >>>>> >>>>> What was patched when this version is not vulnerable? >>>>> Or do you mean it is not vulnerable after the patch got applied? >>>> >>>> >>> My apologies, this is a type that skipped past all proof-reading. It >> should >>> say "7.6.6", which is the v7 version released today. v7.4.x is not only >>> non-project supported, it's also heavily outdated and missing many other >>> patches as well (just to point this out). >> >> This still does not answer the above questions, it just changes the >> version number in your statement which led to my question. >> >> > you can view the complete patch set here: > > https://github.com/rsyslog/rsyslog/commits/v7-stable This web page does list all commits to v7-stable. So I think you want me to dig through the code to find the answer to my question? I knew I could answer my question by going through the code, but I figured it would be easier to ask someone who is already familiar with it. It turned out I was wrong. > Rainer > -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ