oss-sec mailing list archives

Re: CVE Request: grep

From: Paul Eggert <eggert () cs ucla edu>
Date: Fri, 21 Dec 2012 18:33:04 -0800

On 12/21/2012 04:19 PM, Seth Arnold wrote:

Paul, are any security issues fixed with those patches?


Possibly.  I usually don't bother to try to find exploits,
so I can't say for sure.

Did I overlook
any other patches that need CVE numbers?


If memory serves you also need to update gnulib.

The set of patches is tricky enough that it is probably
better to upgrade to 2.11; that's simpler, and arguably
it's more likely to be safe.  You might want to fix
the two bugs that were introduced in 2.11 (see
the NEWS file), but you probably already have a 2.11
package that does that, somewhere.  You might also
want to undo the -r change introduced in 2.11.

Current thread:

CVE Request: grep Seth Arnold (Dec 21)
- Re: CVE Request: grep Paul Eggert (Dec 21)
- Re: CVE Request: grep Kurt Seifried (Dec 21)