--- Begin Message ---
I see that Red Hat/Fedora have released new packages to address
CVE-2020-8037 in tcpdump. Does the tcpdump group have any message about
this CVE? Is there a release from tcpdump.org with this CVE fixed?
See https://bugzilla.redhat.com/show_bug.cgi?id=1895080 for details
(pointing to a commit to the 4.9 branch from April).
Are there other CVEs that affect tcpdump-4.9.3 that vendors should be aware
of?
It looks like http://www.tcpdump.org/public-cve-list.txt hasn't been
updated since the 4.9.3 release (even though CVE-2020-8037 is a public CVE).
I realize that http://www.tcpdump.org/security.html says there is no
commitment from the tcpdump group to release security fixes on any
timeframe whatsoever. However, is there a way for someone who ships
tcpdump with their product to be made aware of unreleased security fixes,
or should we rely on Red Hat and others for that?
Thanks,
Bill
--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers