[bug-notifications] [findutils 0004769]: Current stable release is vulnerable to CVE-2007-2452
Mantis Bug Tracker
noreply at opencsw.org
Mon May 16 14:54:17 CEST 2011
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=4769
======================================================================
Reported By: jay
Assigned To: bwalton
======================================================================
Project: findutils
Issue ID: 4769
Category: upgrade
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
======================================================================
Date Submitted: 2011-05-14 14:50 CEST
Last Modified: 2011-05-16 14:54 CEST
======================================================================
Summary: Current stable release is vulnerable to
CVE-2007-2452
Description:
GNU Findutils release 4.2.31 fixes CVE-2007-2452 but stable is 4.2.30, and
so it's vulnerable.
======================================================================
----------------------------------------------------------------------
(0009057) bwalton (manager) - 2011-05-16 14:54
https://www.opencsw.org/mantis/view.php?id=4769#c9057
----------------------------------------------------------------------
Ok. We'll do our best. Stable has sort of become a place of bit rot as
time has progressed. Nobody uses (eg: no maintainers) which makes building
updated packages difficult. Releasing updates to it has proved difficult
in the past as well...I've asked if anyone has a 'stable' setup that we
could use to build the update.
Thanks
-Ben
More information about the bug-notifications
mailing list