On 09.04.2013 01:12, Michael Gilbert wrote:
> On Mon, Apr 8, 2013 at 3:28 AM, Patrick Matthäi wrote:
>> On 08.04.2013 04:02, Michael Gilbert wrote:
>>>
>>> package: src:glusterfs
>>> severity: important
>>> tag: security
>>>
>>> Hi,
>>>
>>> redhat published some advisories for glusterfs. After spending a bit
>>> of time, I wasn't able to track down patches, but the following link has
>>> information:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635
>>>
>>> The redhat advisory indicates that the fixes are included in 3.3.0:
>>> https://rhn.redhat.com/errata/RHSA-2013-0691.html
>>>
>>> Best wishes,
>>> Mike
>>>
>>
>> See:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698502
>
> So, because it isn't clear to me, do your patches also address the
> remaining issues as reported by Kurt Seifried as stated in the redhat
> bug [0], which have the different id CVE-2012-5635 or do they only
> address CVE-2012-4417?
>
> Best wishes,
> Mike
>
> [0] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635

Good question.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5635 speaks about
the Red Hat Storage Management system, which is a product using glusterfs.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4417 is the same
vuln., but writing about glusterfs and Red Hat Storage.

So (even if CVE-2012-5635 states: different vulnerabilities than
CVE-2012-4417) it has got the same source, just used in two different
products (so the same fix for both CVEs)?

Louis, do you have an idea?

--
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
        patr...@linux-dev.org
*/