CVE-2017-7692 and Security Scanner

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CVE-2017-7692 and Security Scanner

security
Hello,

our university uses a security scanner to check for outdated and
insecure software.
The scanner recently noticed, that squirrel mail was vulnerable for
CVE-2017-7692.
According to your Changelog, this CVE has been fixed on April, 25.

The security scanner has not been able to recognize, that you fixed the CVE,
because it can only check the Version string of squirrelmail.

Is it possible, that you increase the minor Version each time a CVE is
fixed,
so security scanners will be able to detect, if a version is installed,
where the CVE is fixed?

Sincerly

Frank Knoben

RWTH Aachen
Germany


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users