Date: Fri, 21 Dec 2012 18:33:04 -0800 From: Paul Eggert <eggert@...ucla.edu> To: coley@...us.mitre.org, oss-security@...ts.openwall.com, security@...ntu.com Subject: Re: CVE Request: grep On 12/21/2012 04:19 PM, Seth Arnold wrote: > Paul, are any security issues fixed with those patches? Possibly. I usually don't bother to try to find exploits, so I can't say for sure. > Did I overlook > any other patches that need CVE numbers? If memory serves you also need to update gnulib. The set of patches is tricky enough that it is probably better to upgrade to 2.11; that's simpler, and arguably it's more likely to be safe. You might want to fix the two bugs that were introduced in 2.11 (see the NEWS file), but you probably already have a 2.11 package that does that, somewhere. You might also want to undo the -r change introduced in 2.11.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.