similar to: yum list-sec CVE

2015-09-03 12:56 GMT+02:00 Karanbir Singh <mail-lists at karan.org>: > On 02/09/15 19:27, Raymond Durand wrote: > > Hi, > > > > Is the command > > #yum list-sec cves > > > > still compatible with Centos7? > > > this should not have worked with any version of CentOS, you can do some > scraping and feeding into a local repo instance, but

On 02/09/15 19:27, Raymond Durand wrote: > Hi, > > Is the command > #yum list-sec cves > > still compatible with Centos7? > this should not have worked with any version of CentOS, you can do some scraping and feeding into a local repo instance, but please validate the content and the checks reported therein - we do no CVE validation in CentOS Buildsystems. -- Karanbir

> However, luckily, Gmane archives everything just fine. > http://thread.gmane.org/gmane.linux.centos.devel/12370/focus=12375 Thanks Steven for bringing this thread to my attention. So it looks like there was already a discussion about this in September, and it ended with two action items. 1. Write code to automatically put the following into updateinfo.xml a. Link to RH web site b.

> 1. Blatant screen scraping is a violation of the terms of service for RHN .. > so where is a SOURCE of information for something like this: > > https://rhn.redhat.com/errata/RHSA-2014-2024.html > > If you read this: > https://access.redhat.com/help/terms/ > > then, one can not just grab all the info on that errata page and distribute it .. > which is why we LINK

Yes, the gitlab instance is the correct upstream development repository. We maintain a mirror at github for the convenience of developers there. Cheers, Ralph On Mon, 2020-06-29 at 21:27 +0000, Ellen Johnson wrote: > Hi Ralph and libvorbis developers, > I thought the vorbis gitlab project was the main development site ( > https://gitlab.xiph.org/xiph/vorbis) because that's what

Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter

Hi Ralph, Thank you for your reply! For context -- we consider reported CVEs as bugs even if it's in a third-party library we use (such as libvorbis). We first determine if the CVE is something that would impact our customer workflows. In this case because of our use of libvorbis for audio I/O, it does impact our customers so we need to resolve the CVE as soon as possible. In the

Hi libvorbis developers! I'm wondering if you had a chance to see my request for releasing a new libvorvis version - this is to have an official libvorbis release containing the CVE fixes that appear to be fixed in the master branch. Is there anything we can do to help with getting a release out? We're happy to work with you on this. Please let us know if we can do anything to help

Hi Ralph, Again, thanks so much for doing all this! Plus thanks to all the folks who contributed to the new release! Quick clarifying question -- Isn't CVE-2018-10392 (looks like it’s fixed in https://gitlab.xiph.org/xiph/vorbis/-/issues/2335) also included in new version 1.3.7? If so can you please add it to release notes? (I asked the same question in

On 01/06/2015 04:25 AM, Liam O'Toole wrote: > On 2015-01-06, Somers-Harris, David | David | OPS > <david.somers-harris at mail.rakuten.com> wrote: >>> 1. Blatant screen scraping is a violation of the terms of service >>> for RHN .. so where is a SOURCE of information for something like >>> this: >>> >>>

Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am

Hi Ralph and libvorbis developers, I thought the vorbis gitlab project was the main development site (https://gitlab.xiph.org/xiph/vorbis) because that's what the NVD CVE tracker points to for the two CVEs I mentioned. But I just realized there's also a vorbis github project (https://github.com/xiph/vorbis). Both appear to have recent activity. Is the gitlab project the correct one

Hello everybody I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed. Also, I don't see the following CVEs addressed in any httpd24 changelogs and wanted to know

Ok, I wasn't able to track down the original steps to reproduce this issue,s but we believe CVE-2018-10393 is a dupiicate of CVE-2017-14160, both fixed by commit 018ca26dece6. Because of the confusion, I added additional bounds checks to the bark_noise_hybridmp function, which make it clear to local analysis that no for bugs in this class are possible. This change is in commit a9eb99a5bd6f.

Hello, Currently The CentOS project publishes errata on its CentOS Announce mailing list. In order to import this into a package management system (like Katello on The Foreman), one needs to parse the mailing list and convert it into XML before importing it. This is done to some extent on http://cefs.steve-meier.de/ but some more legwork needs to be done before The Foreman can understand the

Hi Ellen, Thanks for your kind offer to help the release along. We have indeed been having trouble finding resources for that. You can certainly help by testing the git master branch with your software and reporting any issues you find. Otherwise, triaging outstanding bug reports and patches is always helpful, although that's not essential for a security-based release. I'll try to find

Hi all, Does anyone know why when I run the following command, I get thousands of packages in the output, saying they've been excluded? [root at server yum.repos.d]# yum --security check-update | less Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.removed.com * epel: mirror.removed.com * extras: mirror.removed.com * updates: mirror.removed.com

Hello, Specifically this is in reference to RHSA-2017:2483, which should increment the httpd24 packages to 25-9 in the SCL. The SA was released on August 16th 2017, so it has some age to it, but there's no corresponding CESA on it and the SCL for 6 still sits at the previous, 25-8. Some links for reference: https://access.redhat.com/errata/RHSA-2017:2483 Online repo:

Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),

On 2015-01-06, Somers-Harris, David | David | OPS <david.somers-harris at mail.rakuten.com> wrote: >> 1. Blatant screen scraping is a violation of the terms of service >> for RHN .. so where is a SOURCE of information for something like >> this: >> >> https://rhn.redhat.com/errata/RHSA-2014-2024.html >> >> If you read this: