Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   custom css not loaded, posted by Laurent Jean-Rigaud on Fri Dec 2 14:02:49 2022 
    icon3.gif   Re: custom css not loaded, posted by Laurent Jean-Rigaud on Fri Dec 2 14:44:46 2022 
       icon2.gif   remove elog from EPEL and Fedora., posted by Konstantin Olchanski on Mon Dec 5 04:15:17 2022 
          icon2.gif   remove elog from EPEL and Fedora., posted by Germano Massullo on Tue Dec 20 17:37:42 2022 
Message ID: 69591     Entry time: Mon Dec 5 04:15:17 2022     In reply to: 69590     Reply to this: 69592
Icon: Reply  Author: Konstantin Olchanski  Author Email: olchansk@triumf.ca 
Category: Bug report  OS: Linux  ELOG Version: 3.14 EL7 EPEL 
Subject: remove elog from EPEL and Fedora.  
> elogd binary from EPEL

thank you for bringing this up to our attention. we recently went through this with debian and ubuntu. the elog package was severely out of date and 
did not include the security patches that went it right before covid started in the Winter of 2020.

the elogd package in EPEL7 is insecure and should not be used. (I see it is removed from EPEL8, EPEL9 and current Fedora).

I will have to contact EPEL maintainers to have it removed from EPEL7 (or at least to have it marked as "insecure, do not use").

https://dl.fedoraproject.org/pub/epel/7/SRPMS/Packages/e/elog-3.1.4-1.20190113git283534d97d5a.el7.src.rpm

https://packages.fedoraproject.org/pkgs/elog/elog/
https://packages.fedoraproject.org/pkgs/elog/elog/fedora-35.html
https://packages.fedoraproject.org/pkgs/elog/elog/epel-7.html

note in the changelog "Update to post-release snapshot of 3.1.4. - Fix several security issues."

K.O.
ELOG V3.1.5-3fb85fa6