ELOG problems with certificates, posted by Ezio Zanghellini on Thu Feb 10 19:03:56 2022
|
Recently I have had problems with ELOG not accepting the certificates (in this case from https://letsencrypt.org/)
probably due to the old version of the SSL library of the binary distribution for Windows.
I have tried to follow the instructions to set up ELOG to work with Apache but they are probably old. |
Vulnerability?, posted by Alessandro Petrolini on Thu Mar 3 08:26:40 2022
|
Hi, I have been using elog for years at CERN.
Now I installed in my local workstation at my home inistitue
and sysadmin reported the following vulnerabilities: |
Re: Vulnerability?, posted by Konstantin Olchanski on Thu Mar 3 16:49:40 2022
|
The CVEs you refer to are very old and have been fixed a long time ago.
Please refer to:
|
|
Re: Vulnerability?, posted by Alessandro Petrolini on Fri Mar 4 08:51:24 2022
|
Ok, many many thanks!
I will pass the info to my sysadmin.
Best Regards.
|
|
Re: Vulnerability?, posted by Alessandro Petrolini on Sun Mar 6 09:00:33 2022
|
> Ok, many many thanks!
> I will pass the info to my sysadmin.
> Best Regards.
|
|
Re: Vulnerability?, posted by Konstantin Olchanski on Sun Mar 6 17:33:04 2022
|
> > > The CVEs you refer to are very old and have been fixed a long time ago.
>
> Am I wrong that the windows executable version on the site is dated 2018? 3.1.4-2?
|
|
Re: Vulnerability?, posted by Stefan Ritt on Mon Mar 7 08:49:41 2022
|
> I trust Stefan is reading this thread and will do something about it. My vote would
> be to remove the download link to the windows executables and ask Debian to remove
> the elog package. I think they have a way for upstream developers (Stefan) to request
|
|
Re: Vulnerability?, posted by Daniel Pfuhl on Mon Mar 7 14:30:16 2022
|
>
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
|