Hello all. Sorry about following up to my own email, but I think I understand the changes now to 2.4.18 in order to make it CVE compliant. As best I can understand, if I apply the two commits from Ellie Timoney on 10/26/2015, 2.4.18 would be "secure" once recompiled. These two commits appear to be these:
If someone can confirm that I'm correct on this, it would be very appreciated! Thanks in advance.
Tim
Tim
On Mon, Dec 14, 2015 at 11:04 AM, Tim Champ <champ@xxxxxxxx> wrote:
Hello all.
We're trying to sort through our path here with patching for the CVE/commits that were released in 2.5.7, but also relevant to 2.4.18. We're currently on 2.4 series, and I was wondering what the plans were for a 2.4 release to address these security fixes. While moving to 2.5 is in the plans, I always despise a quick upgrade of anything before major holiday periods!
My other concern was that, honestly, I'm not all that sure what the true risk and capability to exploit is for these bugs. I've read the CVE's, and associated discussions on the a few lists - but it hasn't enlightened me as much as I've hoped.
Any help, or answers, for either issue is appreciated. Thanks!
Tim--Tim Champ
Coordinator of Unix Infrastructure
UMBC - Division of Information Technology
Tim Champ
Coordinator of Unix Infrastructure
UMBC - Division of Information Technology
Coordinator of Unix Infrastructure
UMBC - Division of Information Technology
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
