Date: Mon, 9 May 2011 15:57:26 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE request: libarchive, multiple overflows

----- Original Message -----
> Hello,
> our maintainer found the following patches:
> -----------
> I was doing some maintenance on bsdtar package and noticed that there
> was a buffer overflow fix upstream, see

Use CVE-2011-1777

> Also SUSE package does not include the
> patch which seems to be security sensitive also.

I'm not sure I'd call this one security. It's a crash only from what I can

It's just silly input to a format string. If you want one I'll assign it

> More overflow fixes:

This one needs a 2010 ID.
Use CVE-2010-4666


Use CVE-2011-1778

> Use-after-free fix (not sure if exploitable):

I'm going to give this an ID, I'd rather have it revoked than not assigned.

Use CVE-2011-1779


