Date: Wed, 14 Nov 2012 05:12:01 -0500 (EST)
From: Jan Lieskovsky <>
To: Tim Brown <>,
        Michael Wiegand <>
Cc:,,, Michal Ambroz <>
Subject: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To
 Command Injection

Hello Tim,

  thank you for the heads up and notification.

The versions of the openvas-manager package, as shipped with Fedora release of 16
and release of 17, are based on upstream 2.0.5 version yet. From what I have looked at
and can tell from the upstream advisory and patch (for 3.0.X version):

the CVE-2012-5520 does not seem to be applicable to OpenVAS-4 / openvas-manager 2.0.5
version yet:

But prior to definitely classifying Fedora 16 and Fedora 17 openvas-manager package versions
as not vulnerable to this issue, I would like to hear an opinion / confirmation from someone
more familiar with OpenVAS code.

So could you confirm the CVE-2012-5520 wouldn't affect OpenVAS-4 2.0.X version (yet)?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

----- Original Message -----
Doh, a document gets proofread by multiple people and yet it contains a 
mistake.  In the Current Status section of the advisory, the date is 
incorrect.  A corrected advisory is attached.

Tim Brown
