Date: Sat, 04 Aug 2012 12:58:41 -0400
From: Jeff Mitchell <>
CC: Agostino Sarubbo <>
Subject: Re: CVE request for Calligra

On 08/04/2012 11:56 AM, Agostino Sarubbo wrote:
> On Saturday 04 August 2012 11:44:33 Jeff Mitchell wrote:
>> I don't know what Kurt wants, as he didn't respond to my email.
>> What information do you want?
> Take a look here, an example of CVE description: 
> Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in 
> Boost Pool before 3.9 makes it easier for context-dependent attackers to 
> perform memory-related attacks such as buffer overflows via a large size 
> value, which causes less memory to be allocated than expected.
> So, in this case, if you don't provide any info, what should Kurt write?
>> What commit code do you want?
> Please post the diff between the vulnerable code and the fix so we are sure 
> that it is a security issue.


You can read all about the details of the vulnerability in the Black Hat
2012 presentation by Charlie Miller
-- details of the Calligra (and KOffice) exploit start at page 39.

Unfortunately, he did not notify us ahead of time of his intent to
disclose, so it's already public.

