Replies: 7 comments
-
I plan a 2.39.4 release. For the older versions, we can add a patch to the old branches; I don't think releases are necessary. |
Beta Was this translation helpful? Give feedback.
-
That would be really nice. Thanks a lot for the response. Will be waiting for the patches, any info on the timeline of the fix? |
Beta Was this translation helpful? Give feedback.
-
The patch has been merged into stable/v2.39.1 (a98558a). I want to release it on Wednesday. |
Beta Was this translation helpful? Give feedback.
-
Thanks @karelzak for the fix. I was hoping you would provide a fix for 2.39 https://github.com/util-linux/util-linux/blob/v2.39/term-utils/wall.c#L331 I think 2.39 and 2.39.1 have a big difference in code with print modules. |
Beta Was this translation helpful? Give feedback.
-
The wall.c is almost the same in stable/v2.39 and stable/v2.40 (except for the systemd support). |
Beta Was this translation helpful? Give feedback.
-
Please extract and check the tarball Ubuntu added 3 prep patches to fix this CVE. I didn't realise that v2.39 tag and stable/v2.39 are fully different. |
Beta Was this translation helpful? Give feedback.
-
This is v2.34; I'm talking about v2.39, where all the |
Beta Was this translation helpful? Give feedback.
-
404b078
Hi @karelzak Are there any plans to patch CVE-2024-28085 in older releases of util-linux? Many distros will not be using the latest version of it and
fputs_careful
got introduced in a fairly newer version of util-linux.Is it okay for you to provide a fix for older versions of util-linux?
Beta Was this translation helpful? Give feedback.
All reactions