Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 06 Mar 2014 06:52:03 +0100
From: Remi Collet <remi@...oraproject.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request: file: crashes when checking softmagic
 for some corrupt PE executables

Le 05/03/2014 19:29, mancha a écrit :

> The initial fix for this problem [1] had an off-by-one flaw
> that has since been corrected [2].
> 
> I am unsure of the policy regarding the issuance of new CVE 
> identifiers associated with incomplete/flawed fixes associated
> with previously allocated CVEs. But, in this particular case
> file 5.17 shipped with [1] and not [2].

[1] fix a security risk.

[2] don't fix any security risk. It's only a regression noticed when
analysis some files (used in PHP test suite, p.e.). I don't think this
need a new CVE.

> 
> --mancha
> 
> [1] https://github.com/file/file/commit/447558595a36
> [2] https://github.com/file/file/commit/70c65d2e1841
> 
> 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ