[bug-notifications] [findutils 0004769]: Current stable release is vulnerable to CVE-2007-2452
Mantis Bug Tracker
noreply at opencsw.org
Sun May 15 18:10:16 CEST 2011
The following issue has been REOPENED.
======================================================================
https://www.opencsw.org/mantis/view.php?id=4769
======================================================================
Reported By: jay
Assigned To: bwalton
======================================================================
Project: findutils
Issue ID: 4769
Category: upgrade
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
======================================================================
Date Submitted: 2011-05-14 14:50 CEST
Last Modified: 2011-05-15 18:10 CEST
======================================================================
Summary: Current stable release is vulnerable to
CVE-2007-2452
Description:
GNU Findutils release 4.2.31 fixes CVE-2007-2452 but stable is 4.2.30, and
so it's vulnerable.
======================================================================
----------------------------------------------------------------------
(0009055) jay (reporter) - 2011-05-15 18:10
https://www.opencsw.org/mantis/view.php?id=4769#c9055
----------------------------------------------------------------------
Actually I'm not running either current or stable, I'm the upstream
maintainer. But having a "stable" release with a potential local root
exploit isn't a good idea.
More information about the bug-notifications
mailing list