similar to: yum list-sec CVE

Displaying 20 results from an estimated 5000 matches similar to: "yum list-sec CVE"

2015 Sep 09
1
yum list-sec CVE
2015-09-03 12:56 GMT+02:00 Karanbir Singh <mail-lists at karan.org>: > On 02/09/15 19:27, Raymond Durand wrote: > > Hi, > > > > Is the command > > #yum list-sec cves > > > > still compatible with Centos7? > > > this should not have worked with any version of CentOS, you can do some > scraping and feeding into a local repo instance, but
2015 Sep 03
0
yum list-sec CVE
On 02/09/15 19:27, Raymond Durand wrote: > Hi, > > Is the command > #yum list-sec cves > > still compatible with Centos7? > this should not have worked with any version of CentOS, you can do some scraping and feeding into a local repo instance, but please validate the content and the checks reported therein - we do no CVE validation in CentOS Buildsystems. -- Karanbir
2015 Jan 05
4
When will CentOS Publish Errata?
> However, luckily, Gmane archives everything just fine. > http://thread.gmane.org/gmane.linux.centos.devel/12370/focus=12375 Thanks Steven for bringing this thread to my attention. So it looks like there was already a discussion about this in September, and it ended with two action items. 1. Write code to automatically put the following into updateinfo.xml a. Link to RH web site b.
2015 Jan 06
2
When will CentOS Publish Errata?
> 1. Blatant screen scraping is a violation of the terms of service for RHN .. > so where is a SOURCE of information for something like this: > > https://rhn.redhat.com/errata/RHSA-2014-2024.html > > If you read this: > https://access.redhat.com/help/terms/ > > then, one can not just grab all the info on that errata page and distribute it .. > which is why we LINK
2020 Jun 30
2
can we help with libvorbis release for CVE fixes?
Yes, the gitlab instance is the correct upstream development repository. We maintain a mirror at github for the convenience of developers there. Cheers, Ralph On Mon, 2020-06-29 at 21:27 +0000, Ellen Johnson wrote: > Hi Ralph and libvorbis developers, > I thought the vorbis gitlab project was the main development site ( > https://gitlab.xiph.org/xiph/vorbis) because that's what
2018 Jan 04
3
CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter
2020 Jun 12
4
can we help with libvorbis release for CVE fixes?
Hi Ralph, Thank you for your reply! For context -- we consider reported CVEs as bugs even if it's in a third-party library we use (such as libvorbis). We first determine if the CVE is something that would impact our customer workflows. In this case because of our use of libvorbis for audio I/O, it does impact our customers so we need to resolve the CVE as soon as possible. In the
2020 Jun 10
2
can we help with libvorbis release for CVE fixes?
Hi libvorbis developers! I'm wondering if you had a chance to see my request for releasing a new libvorbis version - this is to have an official libvorbis release containing the CVE fixes that appear to be fixed in the master branch. Is there anything we can do to help with getting a release out? We're happy to work with you on this. Please let us know if we can do anything to help
2020 Jul 07
2
new 1.3.7 and fix for CVE-2018-10392 (issue 2335)?
Hi Ralph, Again, thanks so much for doing all this! Plus thanks to all the folks who contributed to the new release! Quick clarifying question -- Isn't CVE-2018-10392 (looks like it’s fixed in https://gitlab.xiph.org/xiph/vorbis/-/issues/2335) also included in new version 1.3.7? If so can you please add it to release notes? (I asked the same question in
2015 Jan 06
2
When will CentOS Publish Errata?
On 01/06/2015 04:25 AM, Liam O'Toole wrote: > On 2015-01-06, Somers-Harris, David | David | OPS > <david.somers-harris at mail.rakuten.com> wrote: >>> 1. Blatant screen scraping is a violation of the terms of service >>> for RHN .. so where is a SOURCE of information for something like >>> this: >>> >>>
2017 Dec 19
1
Fwd: httpd24 Package Question
Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am
2020 Jun 29
0
can we help with libvorbis release for CVE fixes?
Hi Ralph and libvorbis developers, I thought the vorbis gitlab project was the main development site (https://gitlab.xiph.org/xiph/vorbis) because that's what the NVD CVE tracker points to for the two CVEs I mentioned. But I just realized there's also a vorbis github project (https://github.com/xiph/vorbis). Both appear to have recent activity. Is the gitlab project the correct one
2017 Dec 19
2
Fwd: httpd24 Package Question
Hello everybody I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed. Also, I don't see the following CVEs addressed in any httpd24 changelogs and wanted to know
2020 Jul 04
0
can we help with libvorbis release for CVE fixes?
Ok, I wasn't able to track down the original steps to reproduce this issue, but we believe CVE-2018-10393 is a duplicate of CVE-2017-14160, both fixed by commit 018ca26dece6. Because of the confusion, I added additional bounds checks to the bark_noise_hybridmp function, which make it clear to local analysis that no for bugs in this class are possible. This change is in commit a9eb99a5bd6f.
2014 Dec 24
3
When will CentOS Publish Errata?
Hello, Currently The CentOS project publishes errata on its CentOS Announce mailing list. In order to import this into a package management system (like Katello on The Foreman), one needs to parse the mailing list and convert it into XML before importing it. This is done to some extent on http://cefs.steve-meier.de/ but some more legwork needs to be done before The Foreman can understand the
2020 Jun 10
0
can we help with libvorbis release for CVE fixes?
Hi Ellen, Thanks for your kind offer to help the release along. We have indeed been having trouble finding resources for that. You can certainly help by testing the git master branch with your software and reporting any issues you find. Otherwise, triaging outstanding bug reports and patches is always helpful, although that's not essential for a security-based release. I'll try to find
2017 Jan 13
1
yum --security check-update
Hi all, Does anyone know why when I run the following command, I get thousands of packages in the output, saying they've been excluded? [root at server yum.repos.d]# yum --security check-update | less Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.removed.com * epel: mirror.removed.com * extras: mirror.removed.com * updates: mirror.removed.com
2017 Oct 28
2
CentOS 6 SCL - httpd24 still being updated?
Hello, Specifically this is in reference to RHSA-2017:2483, which should increment the httpd24 packages to 25-9 in the SCL. The SA was released on August 16th 2017, so it has some age to it, but there's no corresponding CESA on it and the SCL for 6 still sits at the previous, 25-8. Some links for reference: https://access.redhat.com/errata/RHSA-2017:2483 Online repo:
2023 Mar 21
2
Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),
2015 Jan 06
1
When will CentOS Publish Errata?
On 2015-01-06, Somers-Harris, David | David | OPS <david.somers-harris at mail.rakuten.com> wrote: >> 1. Blatant screen scraping is a violation of the terms of service >> for RHN .. so where is a SOURCE of information for something like >> this: >> >> https://rhn.redhat.com/errata/RHSA-2014-2024.html >> >> If you read this: