Re: CVE check for Octave dependencies
From: Rik
Subject: Re: CVE check for Octave dependencies
Date: Thu, 19 Dec 2013 06:19:11 -0800
On 12/18/2013 11:28 PM, address@hidden wrote:
> Message: 5
> Date: Thu, 19 Dec 2013 07:52:56 +0100
> From: Reza Housseini <address@hidden>
> To: CdeMills <address@hidden>
> Cc: "address@hidden" <address@hidden>
> Subject: Re: CVE check for Octave dependencies
> Message-ID:
> <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Wed, Dec 18, 2013 at 6:30 PM, CdeMills <address@hidden> wrote:
>
>> > Hello,
>> >
>> > I've added a new column in table found at http://wiki.octave.org/Building
>> >
>> > With respect to the dependencies, there are two issues:
>> > 1) cURL versions 7.18.0 to 7.32.0 are susceptible to a 'man-in-the-middle'
>> > attack, see
>> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4545&cid=1
>> > 2) graphicsmagick up to 1.3.18 may crash while exporting some kind of
>> > images, see
>> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4589&cid=1
>> >
>> > Is it possible at the configure step to verify that the versions of those
>> > two libs are safe?
>> >
>> > Regards
>> >
>> > Pascal
>> >
> That's a good idea. Can someone also provide names of the packages to
> install for other systems? For example Cygwin, Fedora, etc.?
> I was also wondering why LLVM isn't on the list from the webpage?
Some of this is subjective. I wouldn't put LLVM on the list of
dependencies because the JIT compiler is still a very optional element of
Octave and won't become anywhere near required until release 4.2 or 4.4.
Going the other way, I don't see Java on the list and that's pretty
important if you want to use that interface. And Java probably will have
CVE listings.
--Rik
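
The configure-time check asked about in the quoted message could look like the sketch below. It is an added example, not part of the thread or of Octave's configure script; the function names (`ver_cmp`, `curl_flagged`, `gm_flagged`, `check_dep`) and the messages are hypothetical, and the version ranges are the ones quoted above.

```shell
#!/bin/sh
# Added example; function names and messages are hypothetical, not Octave's configure code.

# ver_cmp A B: print -1, 0 or 1 as A is older than, equal to, or newer than B.
# Fields are compared numerically (7.9 < 7.18); missing fields count as 0.
ver_cmp () {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    fa=${a%%.*} fb=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    fa=${fa%%[!0-9]*} fb=${fb%%[!0-9]*}   # drop suffixes such as "-DEV"
    fa=${fa:-0} fb=${fb:-0}
    if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
    if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
  done
  echo 0
}

# Ranges as quoted in the thread; "up to 1.3.18" is assumed to be inclusive.
curl_flagged () {   # 7.18.0 <= V <= 7.32.0 (CVE-2013-4545)
  [ "$(ver_cmp "$1" 7.18.0)" -ge 0 ] && [ "$(ver_cmp "$1" 7.32.0)" -le 0 ]
}
gm_flagged () {     # V <= 1.3.18 (CVE-2013-4589)
  [ "$(ver_cmp "$1" 1.3.18)" -le 0 ]
}

# check_dep NAME VERSION PREDICATE CVE: warn and return 1 when VERSION is flagged.
check_dep () {
  if [ -z "$2" ]; then
    echo "configure: $1 version not found, CVE check skipped"
    return 0
  fi
  if "$3" "$2"; then
    echo "configure: WARNING: $1 $2 is in the range listed for $4"
    return 1
  fi
  echo "configure: $1 $2 is outside the range listed for $4"
}

# Ask the libraries' own config helpers for the installed versions.
status=0
curl_ver=$(curl-config --version 2>/dev/null | sed 's/^libcurl //') || true
gm_ver=$(GraphicsMagick++-config --version 2>/dev/null) || true
check_dep cURL "$curl_ver" curl_flagged CVE-2013-4545 || status=1
check_dep GraphicsMagick "$gm_ver" gm_flagged CVE-2013-4589 || status=1
# A real configure script would decide here whether status=1 is fatal.
```

Distribution packages often backport security fixes without changing the upstream version number, so a match is a reason to look closer rather than proof that the installed library is affected.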