I checked the source code for the reported Numeric Errors in the latest
release, the source code at the identified lines hasn't changed from 3.0.1.
I also checked the release notes for 3.0.2 and later. The reported
vulnerabilities are not addressed as per the notes.
We will upgrade to the latest release at the next opportunity, but I am
afraid Veracode will report the same issues since the source hasn't changed.
On Wed, Nov 16, 2016 at 8:56 AM, Bill Cole-3 [via Postfix] <
ml-node+s1071664n87323...@n5.nabble.com> wrote:
> On 16 Nov 2016, at 10:38, McSec wrote:
>
> > A Veracode scan reported the following vulnerabilites in postfix
> > 3.0.1:
>
> Just curious: why bother with analyzing an obsolete version? Latest
> releases are 3.1.3 and 3.0.7.
>
> Also, have you read the release notes for 3.0.{2..7}?
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
> http://postfix.1071664.n5.nabble.com/Veracode-reported-
> vulnerabilities-tp87320p87323.html
> To unsubscribe from Veracode reported vulnerabilities, click here
> <http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=87320&code=bWNzZWM5QGdtYWlsLmNvbXw4NzMyMHwtMTEwNzM3MzQyNw==>
> .
> NAML
> <http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Veracode-reported-vulnerabilities-tp87320p87325.html
Sent from the Postfix Users mailing list archive at Nabble.com.
