Discussion forum about ELOG
Vulnerability?, posted by Alessandro Petrolini on Thu Mar 3 08:26:40 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Thu Mar 3 16:49:40 2022
Re: Vulnerability?, posted by Alessandro Petrolini on Fri Mar 4 08:51:24 2022
Re: Vulnerability?, posted by Alessandro Petrolini on Sun Mar 6 09:00:33 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Sun Mar 6 17:33:04 2022
Re: Vulnerability?, posted by Stefan Ritt on Mon Mar 7 08:49:41 2022
Re: Vulnerability?, posted by Daniel Pfuhl on Mon Mar 7 14:30:16 2022
Re: Vulnerability?, posted by Jan Just Keijser on Mon Mar 7 17:46:39 2022
Re: Vulnerability?, posted by Jan Just Keijser on Wed Mar 9 17:55:31 2022
Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 15:47:59 2022
Re: Vulnerability?, posted by Jan Just Keijser on Tue Apr 19 17:02:57 2022
Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 20:13:04 2022
Re: Vulnerability?, posted by Jan Just Keijser on Fri Apr 22 17:10:24 2022
Re: Vulnerability?, posted by Laurent Jean-Rigaud on Mon Mar 7 22:07:54 2022
Re: Vulnerability?, posted by Florian Heigl on Mon Apr 18 19:16:36 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 19 21:15:19 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Fri Apr 22 21:15:37 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 17:39:49 2022
history of long-removed freebsd package, Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 18:03:03 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Wed Apr 27 19:36:25 2022
Re: Vulnerability?, posted by Andreas Luedeke on Fri Apr 22 12:55:21 2022
Re: Vulnerability?, posted by Konstantin Olchanski on Sat Apr 23 18:05:57 2022

Message ID: 69521
Entry time: Sat Apr 23 18:05:57 2022
In reply to: 69484
Category: Question
OS: Windows
ELOG Version: 3.1.4-a04faf9f
Subject: Re: Vulnerability?

> The CVEs you refer to are very old and have been fixed a long time ago.
>
> Please refer to:
> https://www.tenable.com/security/research/tra-2019-53
>
> This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
>
> Note that the elog git history does not refer to these CVEs because
> they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> in the above document. The relevant commits are listed under "Additional References".
>
> K.O.
I should better capture these "additional references" and the "disclosure timeline"
before they vanish from tenable.com:
https://www.tenable.com/security/research/tra-2019-53
Additional References
https://bitbucket.org/ritt/elog/commits/7367647d40d9b43d529d952d3a063d53606697cb
https://bitbucket.org/ritt/elog/commits/38c08aceda8e5ac4bfdcc040710b5792bd5fe4d3
https://bitbucket.org/ritt/elog/commits/32ba07e19241e0bcc68aaa640833424fb3001956
https://bitbucket.org/ritt/elog/commits/15787c1edec1bbe1034b5327a9d6efa710db480b
https://bitbucket.org/ritt/elog/commits/283534d97d5a181b09960ae1f0c53dbbe42d8a90
Disclosure Timeline
12/3/2019 - Notice sent to stefan.ritt - AT - psi.ch. 90 day is March 3, 2020
12/4/2019 - Dr. Ritt acknowledges the report.
12/9/2019 - Dr. Ritt stages fixes in bitbucket.
12/9/2019 - Tenable provides feedback.
12/10/2019 - Dr. Ritt acknowledges.
12/11/2019 - Tenable reserves CVE.
12/11/2019 - Tenable notes the various ELOG instances maintained by Paul Scherrer Institute are patched.
12/11/2019 - Tenable informs Dr. Ritt and Mr. Roger Kalt (Debian/Ubuntu package manager) of intent to publish CVE tomorrow (Dec. 12).
K.O.