[tcpdump-workers] Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

Michael Richardson mcr at sandelman.ca
Fri Nov 21 15:47:06 EST 2014


Guy Harris <guy at alum.mit.edu> wrote:
    >> I'm looking for the official patches for CVE-2014-8767, CVE-2014-8768
    >> and CVE-2014-8769 but they don't seem to be in the Github repository.

    > Michael, are changes made to the bpf.tcpdump.org repository still
    > getting pushed to the Github repository?  There was a time when they
    > were.
 
It's supposed to happen, but I'm checking.
Should be there now.  Is cron failing to do it's thing?

    >> The advisories also mention a 4.7.0 version with the fixes, but it's not
    >> there either.

    > I don't think it's out yet - Michael?

It's in the tcpdump.org/beta/ directory, but I didn't want to release until
the distros had a chance to patch.



More information about the tcpdump-workers mailing list