bug#56520: Security vulnerabilities at coreutils version for CentOS 7.9

[Meirav Rath]

Hi Pádraig,

Thank you, I will discuss this further with CentOS.

Cheers,
Meirav.




Meirav Rath | SW Engineer & DB Researcher | Data Control team
meirav.rath@imperva.com | o: +972 3-684-1665 | m: +972 54-593-1551
imperva.com | facebook | linkedin | twitter

-----Original Message-----
From: Pádraig Brady <pixelbeat@gmail.com> On Behalf Of Pádraig Brady
Sent: Wednesday, July 13, 2022 12:53 AM
To: Meirav Rath <meirav.rath@imperva.com>; 56520@debbugs.gnu.org
Cc: Gadi Friedman <gadi.friedman@imperva.com>; Ariel Bressler 
<ariel.bressler@imperva.com>
Subject: Re: bug#56520: Security vulnerabilities at coreutils version for 
CentOS 7.9

CAUTION: This message was sent from outside the company. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.


On 12/07/2022 13:43, Meirav Rath via GNU coreutils Bug Reports wrote:
> Hello,
>
> My name is Meirav Rath, I'm a software developer and security champion at 
> Imperva.
> As part of our effort to map security risks in our products I've been 
> scanning our 3rd party rpms for vulnerabilities. It looks like coreutils 
> available rpm for CentOS 7.9 (8.22) has the vulnerability 
> CVE-2017-18018<https://nvd.nist.gov/vuln/detail/CVE-2017-18018>.
>
> When can we expect an updated RPM of a more advanced version with fixes for 
> this issues, aimed for CentOS7.9?

This was previously discussed at:
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
With corresponding doc patch at:
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=bc2fd9796

cheers,
Pádraig
-------------------------------------------
This message is confidential. If you believe you received this message in 
error, please inform the sender and delete this message and all attachments.