Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 10 Apr 2008 14:31:13 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: gcc 4.2 optimizations and integer overflow checks


On Wed, 9 Apr 2008, Nico Golde wrote:

> Hi Steven,
> * Steven M. Christey <coley@...us.mitre.org> [2008-04-07 18:24]:
> > While an unusual bug, we decided to assign a CVE for it.
> [...]
> Just stumbled upon CVE-2006-1902, look spretty much the same
> to me, is this a dup?

Nice find!

My immediate suspicion is that they're not the same, based solely on
affected versions - CVE-2008-1685 has a specific affected version range
because it changed behaviors in 4.2.0.  Maybe that change came out of
followup analysis stemming from CVE-2006-1902.

But, I'm not completely sure.  Solar?

- Steve

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux