From: James Hilliard <james.hilliard1@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/systemd: add upstream fix for CVE-2018-16864
Date: Fri, 11 Jan 2019 04:48:19 -0700 [thread overview]
Message-ID: <CADvTj4pRcw-bWji5Crcr7o69tg+T-iD4wDcg5zDOjRRT7DXfWQ@mail.gmail.com> (raw)
In-Reply-To: <87fttzqux5.fsf@dell.be.48ers.dk>
On Fri, Jan 11, 2019 at 4:46 AM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "James" == James Hilliard <james.hilliard1@gmail.com> writes:
>
> Hi,
>
> >> >> What about CVE-2018-16865, E.G. commit 052c57f132f04a / ef4d6abe7c7fa?
> >> >> Do those not apply to 240?
> >> > So here https://www.qualys.com/2019/01/09/system-down/system-down.txt it says:
> >> > "CVE-2018-16865 was introduced in December 2011 (systemd v38) and became
> >> > exploitable in April 2013 (systemd v201). CVE-2018-16866 was introduced
> >> > in June 2015 (systemd v221) and was inadvertently fixed in August 2018."
> >> > So my assumption was that we didn't need patches for CVE-2018-16865
> >> > since systemd 240 was released in Dec 2018.
> >>
> >> We don't need a fix for 16866, but we do need for 16865, right?
> > That is not entirely clear to me as there seems to be contradictory info.
>
> Sorry, what is unclear about "CVE-2018-16865 was introduced in December
> 2011 (systemd v38) and became exploitable in April 2013 (systemd v201)"?
The part that is unclear is that it supposedly "was inadvertently
fixed in August 2018".
>
> --
> Bye, Peter Korsgaard
next prev parent reply other threads:[~2019-01-11 11:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-11 7:54 [Buildroot] [PATCH 1/1] package/systemd: add upstream fix for CVE-2018-16864 james.hilliard1 at gmail.com
2019-01-11 10:46 ` Peter Korsgaard
2019-01-11 11:03 ` James Hilliard
2019-01-11 11:34 ` Peter Korsgaard
2019-01-11 11:36 ` James Hilliard
2019-01-11 11:45 ` Peter Korsgaard
2019-01-11 11:48 ` James Hilliard [this message]
2019-01-11 11:53 ` Peter Korsgaard
2019-01-11 12:04 ` James Hilliard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CADvTj4pRcw-bWji5Crcr7o69tg+T-iD4wDcg5zDOjRRT7DXfWQ@mail.gmail.com \
--to=james.hilliard1@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.