[Debian-astro-maintainers] Bug#892458: Fwd: ftools update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 17 06:24:54 BST 2018 

Hi Sam,

On Tue, Apr 17, 2018 at 02:18:26PM +1000, Sam Fowler wrote:
> On 17/04/18 06:40, Salvatore Bonaccorso wrote:
> > Hi Sam,
> > 
> > On Mon, Apr 09, 2018 at 10:19:34AM +1000, Sam Fowler wrote:
> >> On Wed, 14 Mar 2018 16:22:19 +0100 Ole Streicher <olebole at debian.org> wrote:
> >>> FYI
> >>>
> >>>
> >>> -------- Forwarded Message --------
> >>> Subject: [Debian-astro-maintainers] ftools update
> >>> Date: Wed, 14 Mar 2018 10:42:25 -0400
> >>> From: Michael Arida <Michael.Arida at nasa.gov>
> >>> To: debian-astro-maintainers at lists.alioth.debian.org
> >>>
> >>>
> >>> Dear Debian Astro Maintainers,
> >>>
> >>> As you may have noticed CFITSIO was updated Friday (March 2) for a
> >>> major bug fix.  Since you have a software bundle that uses what we
> >>> assume is CFITSIO somewhere under the hood, we wanted to let you know
> >>> that you should update that code.  We are also expecting another
> >>> update in April.
> >>>
> >>> If you have any questions or concerns, feel free to contact me.
> >>>
> >>> Regards,
> >>>  Mike Arida
> >>> ____________________________________________________________
> >>> Michael Arida (ADNET)                     ASD/HEASARC
> >>> 301.286.2291/1215 (voice/fax)          Code 660, NASA/GSFC
> >>> michael.arida at nasa.gov                 Greenbelt, MD 20771
> >>>
> >>> _______________________________________________
> >>> Debian-astro-maintainers mailing list
> >>> Debian-astro-maintainers at lists.alioth.debian.org
> >>> https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers
> >>
> >> This has been assigned has been assigned CVE-2018-1000166.
> > 
> > Looking at
> > https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
> > https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
> > it looks for those issues already CVE-2018-3848, CVE-2018-3849 and
> > CVE-2018-3846 were assigned and CVE-2018-1000166 is duplicate. Can you
> > confirm? And if so ask for rejection of CVE-2018-1000166?
> > 
> > Regards,
> > Salvatore
> 
> Hi Salvatore,
> 
> Looks like you are correct. I've request a rejection of CVE-2018-1000166
> from DWF in favour of CVE-2018-3846. I've filed separate RH bugs for
> CVE-2018-3848 and CVE-2018-3849.
> 
> Thanks for the heads up,

Thanks a lot for confirming that quickly. I have removed as well any
CVE-2018-1000166 from our security-tracker now as well.

Regards,
Salvatore

More information about the Debian-astro-maintainers mailing list