Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Oct 2014 09:12:49 +0200
From: Sven Kieske <s.kieske@...twald.de>
To: Rainer Gerhards <rgerhards@...adiscon.com>
CC: <oss-security@...ts.openwall.com>
Subject: Re: vulnerability in rsyslog



On 06/10/14 08:40, Rainer Gerhards wrote:
> 2014-10-06 8:31 GMT+02:00 Sven Kieske <s.kieske@...twald.de>:
> 
>>
>>
>> On 30/09/14 18:41, Rainer Gerhards wrote:
>>> 2014-09-30 18:28 GMT+02:00 Solar Designer <solar@...nwall.com>:
>>>
>>>> On Tue, Sep 30, 2014 at 01:55:12PM +0200, Sven Kieske wrote:
>>>>> I don't understand the following statement in the
>>>>> pri-vuln.txt in section "Patches":
>>>>>
>>>>> "Version 7.4.6, while no longer being project
>>>>> supported received a patch and is also not vulnerable."
>>>>>
>>>>> What was patched when this version is not vulnerable?
>>>>> Or do you mean it is not vulnerable after the patch got applied?
>>>>
>>>>
>>> My apologies, this is a type that skipped past all proof-reading. It
>> should
>>> say "7.6.6", which is the v7 version released today. v7.4.x is not only
>>> non-project supported, it's also heavily outdated and missing many other
>>> patches as well (just to point this out).
>>
>> This still does not answer the above questions, it just changes the
>> version number in your statement which led to my question.
>>
>>
> you can view the complete patch set here:
> 
> https://github.com/rsyslog/rsyslog/commits/v7-stable

This web page does list all commits to v7-stable.
So I think you want me to dig through the code to find the answer to my
question?
I knew I could answer my question by going through the code, but I
figured it would be easier to ask someone who is already familiar with it.

It turned out I was wrong.

> Rainer
> 

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ