Discussion forum about ELOG
Vulnerability?, posted by Alessandro Petrolini on Thu Mar 3 08:26:40 2022
    Re: Vulnerability?, posted by Konstantin Olchanski on Thu Mar 3 16:49:40 2022
       Re: Vulnerability?, posted by Alessandro Petrolini on Fri Mar 4 08:51:24 2022
          Re: Vulnerability?, posted by Alessandro Petrolini on Sun Mar 6 09:00:33 2022
             Re: Vulnerability?, posted by Konstantin Olchanski on Sun Mar 6 17:33:04 2022
                Re: Vulnerability?, posted by Stefan Ritt on Mon Mar 7 08:49:41 2022
                   Re: Vulnerability?, posted by Daniel Pfuhl on Mon Mar 7 14:30:16 2022
                   Re: Vulnerability?, posted by Jan Just Keijser on Mon Mar 7 17:46:39 2022
                      Re: Vulnerability?, posted by Jan Just Keijser on Wed Mar 9 17:55:31 2022 elog-3.1.4-1ebfd06c-win64.zip
                         Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 15:47:59 2022
                            Re: Vulnerability?, posted by Jan Just Keijser on Tue Apr 19 17:02:57 2022
                               Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 20:13:04 2022
                                  Re: Vulnerability?, posted by Jan Just Keijser on Fri Apr 22 17:10:24 2022
                   Re: Vulnerability?, posted by Laurent Jean-Rigaud on Mon Mar 7 22:07:54 2022 elog-3.1.4-395e101.zip
                   Re: Vulnerability?, posted by Florian Heigl on Mon Apr 18 19:16:36 2022
                      Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 19 21:15:19 2022
                         Re: Vulnerability?, posted by Konstantin Olchanski on Fri Apr 22 21:15:37 2022
                            Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 17:39:49 2022
                               history of long-removed freebsd package, Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 18:03:03 2022
                               Re: Vulnerability?, posted by Konstantin Olchanski on Wed Apr 27 19:36:25 2022
                      Re: Vulnerability?, posted by Andreas Luedeke on Fri Apr 22 12:55:21 2022
       Re: Vulnerability?, posted by Konstantin Olchanski on Sat Apr 23 18:05:57 2022
Message ID: 69487     Entry time: Sun Mar 6 17:33:04 2022     In reply to: 69486     Reply to this: 69488
Icon: Reply  Author: Konstantin Olchanski  Author Email: olchansk@triumf.ca 
Category: Question  OS: Windows  ELOG Version: 3.1.4-a04faf9f 
Subject: Re: Vulnerability? 
> > > The CVEs you refer to are very old and have been fixed a long time ago.
> 
> Am I wrong that the Windows executable version on the site is dated 2018? 3.1.4-2?

I confirm. Windows executables at https://elog.psi.ch/elog/download/windows/
and Debian packages at https://packages.debian.org/search?keywords=elog all
appear to be older than the CVE fixes.

I trust Stefan is reading this thread and will do something about it. My vote would
be to remove the download link to the Windows executables and ask Debian to remove
the elog package. I think they have a way for upstream developers (Stefan) to request
removal of unmaintained, out-of-date, insecure versions of their stuff. ROOT
was in the same situation years ago: the Debian package for ROOT was a very old version,
also built incorrectly, and everybody complained to us that our stuff does
not work (midas, rootana, etc).

K.O.