Date: Thu, 13 Mar 2014 23:16:07 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org, meissner@...e.de Subject: Re: Re: CVE request for icinga 1 byte \0 overflows On Thursday 13 March 2014 15:30:31 cve-assign@...re.org wrote: > > The icinga team silently fixed some single byte \0 overflows. > > > > https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551a > > bdaab0a042d3d6bae093b0d > > > > (also the non public > > https://dev.icinga.org/issues/5663 > > is referenced by commit above) > > Use CVE-2014-2386. We tracked a lot of similar issues: https://bugs.gentoo.org/show_bug.cgi?id=fortify-source -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ