gnustep-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gdomap vulnernability...

From: Ivan Vučica
Subject: Re: gdomap vulnernability...
Date: Tue, 30 Dec 2014 17:40:59 +0000
Clicking around, I got here:
https://lwn.net/Alerts/626364/

Which says:

Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 gnustep-base/gnustep-base < 1.24.6-r1 >= 1.24.6-r1


NIST's NVD:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2980
which links to the following diff:
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756
and to the bug on Savannah:
https://savannah.gnu.org/bugs/?41751
and to following email on seclists:
http://seclists.org/oss-sec/2014/q2/152

Sounds like it's been resolved for several months now. It's still worth bringing up for people who are using pre-1.24.6 GNUstep and depend on gdomap.

On Tue, Dec 30, 2014 at 4:07 PM, Gregory Casamento <address@hidden> wrote:
I'm bringing this to the attention of the list....

https://lwn.net/Vulnerabilities/626438/

I don't know any additional details regarding this issue other than
what is on that webpage. Is this an issue that has already been
addressed internally?

GC
--
Gregory Casamento
GNUstep Lead Developer / OLC, Principal Consultant
http://www.gnustep.org - http://heronsperch.blogspot.com
http://ind.ie/phoenix/

_______________________________________________
Gnustep-dev mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/gnustep-dev



--
Ivan Vučica
address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]