oss-sec mailing list archives
Re: CVE Request: grep
From: Paul Eggert <eggert () cs ucla edu>
Date: Fri, 21 Dec 2012 18:33:04 -0800
On 12/21/2012 04:19 PM, Seth Arnold wrote:
Paul, are any security issues fixed with those patches?
Possibly. I usually don't bother to try to find exploits, so I can't say for sure.
Did I overlook any other patches that need CVE numbers?
If memory serves you also need to update gnulib. The set of patches is tricky enough that it is probably better to upgrade to 2.11; that's simpler, and arguably it's more likely to be safe. You might want to fix the two bugs that were introduced in 2.11 (see the NEWS file), but you probably already have a 2.11 package that does that, somewhere. You might also want to undo the -r change introduced in 2.11.
Current thread:
- CVE Request: grep Seth Arnold (Dec 21)
- Re: CVE Request: grep Paul Eggert (Dec 21)
- Re: CVE Request: grep Kurt Seifried (Dec 21)