Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Jan Lieskovsky (jlieskovredhat.com)
Date: Wed Nov 14 2012 - 04:12:01 CST
thank you for the heads up and notification.
The versions of openvas-manager package, as shipped with Fedora release of 16
and release of 17 is based on upstream 2.0.5 version yet. From what I have looked
and can tell from upstream advisory and patch (for 3.0.X version):
the CVE-2012-5520 does not seem to be applicable to OpenVAS-4 / openvas-manager 2.0.5
But prior definitely classifying Fedora 16 and Fedora 17 openvas-manager package versions
as not vulnerable to this issue, I would like to hear opinion / confirmation from someone
more familiar with OpenVAS code.
So could you confirm the CVE-2012-5520 wouldn't affect OpenVAS-4 2.0.X version (yet)?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
----- Original Message -----
Doh, a document gets proof read by multiple people and yet it contains a
mistake. In the Current Status section of the advisory, the date is
incorrect. A corrected advisory is attached.