[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Patch for CVE-2018-7490 in uwsgi


On Monday 26 March 2018 04:14 PM, Gero Treuner wrote:
> Hi Abhijith,
> 
> On Fri, Mar 23, 2018 at 07:39:58PM +0530, Abhijith PA wrote:
>> I couldn't find php plugin for uwsgi in wheezy. What are the other ways
>> to test around it.
> 
> You are absolutely right - it can't be tested because ... it isn't
> there. I thouroughly checked the build for php_plugin.c being compiled
> anywhere.
> That wasn't obvious to me. As said, I am not using this part, and was
> not aware, that I even don't have a chance to do so. My intent was only
> to have my (and other) systems 
> 
> So wheezy clearly is not vulnerable, and no need to fix it. Sorry for
> the noise, and thanks for your work here and in general.
> 
> But then it probably is a good idea to note that situation in the
> security tracker. Could you do something about it?
> 
> 
> Kind regards,
>    Gero
> 

I will update the information on security tracker.

Thanks.
Reply to: