| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69520
|
Fri Apr 22 21:15:37 2022 |
 | Konstantin Olchanski | olchansk@triumf.ca | Question | Windows | 3.1.4-a04faf9f | Re: Vulnerability? |
> > debian package still outdated?
> We reached to the package maintainer
the good Roger Kalt requested removal of debian package elog
and it is now removed from debian-unstable. I am not sure
if it can be removed from debian-stable releases (debian-11, debian-10).
https://tracker.debian.org/pkg/elog
https://tracker.debian.org/news/1320035/removed-313-1-1-from-unstable/
K.O. |
|
69521
|
Sat Apr 23 18:05:57 2022 |
| Konstantin Olchanski | olchansk@triumf.ca | Question | Windows | 3.1.4-a04faf9f | Re: Vulnerability? |
> The CVEs you refer to are very old and have been fixed a long time ago.
>
> Please refer to:
> https://www.tenable.com/security/research/tra-2019-53
>
> This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
>
> Note that the elog git history does not refer to these CVEs because
> they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> in the above document. The relevant commits are listed under "Additional References".
>
> K.O.
I should better capture these "additional references" and the "disclosure timeline"
before they vanish from tenable.com:
https://www.tenable.com/security/research/tra-2019-53
Additional References
https://bitbucket.org/ritt/elog/commits/7367647d40d9b43d529d952d3a063d53606697cb
https://bitbucket.org/ritt/elog/commits/38c08aceda8e5ac4bfdcc040710b5792bd5fe4d3
https://bitbucket.org/ritt/elog/commits/32ba07e19241e0bcc68aaa640833424fb3001956
https://bitbucket.org/ritt/elog/commits/15787c1edec1bbe1034b5327a9d6efa710db480b
https://bitbucket.org/ritt/elog/commits/283534d97d5a181b09960ae1f0c53dbbe42d8a90
Disclosure Timeline
12/3/2019 - Notice sent to stefan.ritt - AT - psi.ch. 90 day is March 3, 2020
12/4/2019 - Dr. Ritt acknowledges the report.
12/9/2019 - Dr. Ritt stages fixes in bitbucket.
12/9/2019 - Tenable provides feedback.
12/10/2019 - Dr. Ritt acknowledges.
12/11/2019 - Tenable reserves CVE.
12/11/2019 - Tenable notes the various ELOG instances maintained by Paul Scherrer Institute are patched.
12/11/2019 - Tenable informs Dr. Ritt and Mr. Roger Kalt (Debian/Ubuntu package manager) of intent to publish CVE tomorrow (Dec.
12).
K.O. |
|
69522
|
Tue Apr 26 17:39:49 2022 |
| Konstantin Olchanski | olchansk@triumf.ca | Question | Windows | 3.1.4-a04faf9f | Re: Vulnerability? |
> > > debian package still outdated?
> removed from debian-unstable
> https://tracker.debian.org/pkg/elog
> https://tracker.debian.org/news/1320035/removed-313-1-1-from-unstable/
contacted security@debian.org and they requested removal from the next buster/bullseye point releases:
https://bugs.debian.org/1010196
https://bugs.debian.org/1010197
next is to request removal of ubuntu package.
K.O. |
|
69524
|
Wed Apr 27 19:36:25 2022 |
| Konstantin Olchanski | olchansk@triumf.ca | Question | Windows | 3.1.4-a04faf9f | Re: Vulnerability? |
> next is to request removal of ubuntu package.
contacted ubuntu security team, got very quick response.
they noted our request and informed us that ubuntu cannot remove packages from existing releases.
https://bugs.launchpad.net/ubuntu/+source/elog/+bug/1970480
K.O. |
|
68639
|
Fri Jul 14 16:58:48 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Info | Windows | latest | Re: Virus in latest elog? |
Hi Daniel,
you're the first one reporting about this virus. We have different virus checkers here at our lab and none of them triggered. So I guess it is a false alarm.
Best,
Stefan
| Daniel Sajdyk wrote: |
|
Hello.
Today I wanted to download latest elog version, and got information from Eset Endpoint Antyvirus, that downloaded file has trojan horse "Generic.GQWFFXB".
It this false positive alarm?
Daniel
|
|
|
1138
|
Mon May 9 20:47:02 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | Other | 2.5.9 | Re: Version of GCC to use? |
> What is the recommended version of gcc to use with elog 2.5.9? I searched
> the discussion database but found nothing pertaining to this.
Well, the same code compiles on gcc and on Visual C++ under Windows, so
hopefully there is no dependence on the gcc version (;-)
I use gcc 3.2.3 on Scientific Linux 3.03. |
|
1139
|
Mon May 9 20:51:23 2005 |
| Steve Jones | steve.jones@freescale.com | Question | Linux | Other | 2.5.9 | Re: Version of GCC to use? |
> > What is the recommended version of gcc to use with elog 2.5.9? I searched
> > the discussion database but found nothing pertaining to this.
>
> Well, the same code compiles on gcc and on Visual C++ under Windows, so
> hopefully there is no dependence on the gcc version (;-)
>
> I use gcc 3.2.3 on Scientific Linux 3.03.
I ask because I get a dependency that I did not have before with 2.5.3.
Compiling with my same 'ole gcc 2.95.2 I see that I now need mxml.h and
strlcpy.h. Trying to compile under gcc 3.4 results in all kinds of errors. |
|
1140
|
Mon May 9 20:55:36 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | Other | 2.5.9 | Re: Version of GCC to use? |
> I ask because I get a dependency that I did not have before with 2.5.3.
> Compiling with my same 'ole gcc 2.95.2 I see that I now need mxml.h and
> strlcpy.h. Trying to compile under gcc 3.4 results in all kinds of errors.
mxml.h and strlcpy.h are part of the elog tar ball. When untar'ed, they get copied
into a separate directory:
...
-rwxr-xr-x ritt/lke 15090 2005-05-09 13:09:54 elog-2.5.9/eloglang.japanese
-rwxr-xr-x ritt/lke 17587 2005-05-09 13:09:54 elog-2.5.9/eloglang.spanish
drwxr-xr-x ritt/lke 0 2005-05-09 13:09:54 mxml/
-rwxr-xr-x ritt/lke 45577 2005-05-09 13:09:54 mxml/mxml.c
-rwxr-xr-x ritt/lke 2198 2005-05-09 13:09:54 mxml/strlcpy.c
-rwxr-xr-x ritt/lke 4359 2005-05-09 13:09:54 mxml/mxml.h
-rwxr-xr-x ritt/lke 567 2005-05-09 13:09:54 mxml/strlcpy.h
I have right now no access to 3.4. Once I get it, I will address the errors
occuring there. |