octave-maintainers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE check for Octave dependencies

From: Reza Housseini
Subject: Re: CVE check for Octave dependencies
Date: Thu, 19 Dec 2013 07:52:56 +0100



On Wed, Dec 18, 2013 at 6:30 PM, CdeMills <address@hidden> wrote:
Hello,

I've added a new column in table found at http://wiki.octave.org/Building

With respect to the dependencies, there are two issues:
1) cURL versions 7.18.0 to 7.32.0 are suceptible to a 'man-in-the-middle'
attack ,see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4545&cid=1
2) graphicsmagick  up to 1.3.18 may crash while exporting some kind of
images, see
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4589&cid=1

Is it possible at the configure step to verify that the versions of those
two libs are safe ?

Regards

Pascal



--
View this message in context: http://octave.1599824.n4.nabble.com/CVE-check-for-Octave-dependencies-tp4660188.html
Sent from the Octave - Maintainers mailing list archive at Nabble.com.

That's a good idea. Can someone also provide names of the packages to install for other systems? For example Cygwin, Fedora, etc.?
I was also wondering why LLVM isn't on the list from the webpage?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]