What's new

Status vs. official security update?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mokkurkalve

Occasional Visitor
I'm running Merlin 384.18 on RT-AC68U. It was updated to binary blobs and SDK from official version 385.20490. Now on 2020-06-30 there came a security update from official Asus, listing:

ASUS RT-AC68U Firmware version 3.0.0.4.385.20630
Security update
- Fixed CVE-2020-12695 (CallStranger)
- Fixed Reflected XSS vulnerability.
- Fixed Directory traversal vulnerability.
- Fixed CVE-2017-15653.

I'm just wondering how the status stand in current Merlin on these listed issues, if known?
Some might not even be relevant for Merlin?
 
Are you going to ask the same question every single time Asus releases an updated firmware that includes security fixes? Asus hasn't even released the GPL for this version yet. Or is there something special about these 4 fixes in particular?
Not "me", as I've never asked such a question here before, but I understand you are referring to a conceptual general "you". Well, then I fall silent. Thank you for being exceptionally general, impolite and unhelpful.
 
Not "me", as I've never asked such a question here before, but I understand you are referring to a conceptual general "you". Well, then I fall silent. Thank you for being exceptionally general, impolite and unhelpful.
The „you“ surely refers to a user that may have a similar sounding user name as yours.
Don‘t take that mishap too personal, we‘re all humans here and make mistakes.
The thing is, your kind of post comes up about once a week with similar wording and they get boring for us long time members. Reading the release notes and the about section of Asuswrt-Merlin would answer that exact question.
 
The „you“ surely refers to a user that may have a similar sounding user name as yours.
Don‘t take that mishap too personal, we‘re all humans here and make mistakes.
The thing is, your kind of post comes up about once a week with similar wording and they get boring for us long time members. Reading the release notes and the about section of Asuswrt-Merlin would answer that exact question.
Yes. Still, ones end result will always bear better fruit for all parties involved if one took a more pedagogic approach to bringing the message forth, rather than being out front rude.
And thanks, RMerlin, for a constructive answer.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top