Date: Wed, 23 Jul 2014 22:08:33 -0400 (EDT) From: cve-assign@...re.org To: fweimer@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: [CVE request] Array allocation fixes in libgfortran -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > several CVE-2002-0391-style integer overflows in array allocation in > libgfortran > > https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721 Use CVE-2014-5044. It seems fairly clear that there is only one CVE ID needed. However, can you clarify what definition of "CVE-2002-0391-style integer overflows" you were using? We think you might mean: - any integer overflow caused by multiplying the number of elements in an array by the size of a single element - this includes, but isn't limited to, cases where the array elements represent arguments - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJT0GoDAAoJEKllVAevmvmsFnAH/0NvbICQOkjYCUuhVPkptG1H EHsDkC8Ll+H8vAB9uBBFY5bFPLKNLiVZv7E8Y51X4MqiugwVRgJ4mHxd88LgnI+A 1gsQbW3GR2uphO7MxHFGDNiwAsht0KONUTI+dGvi8gOBiQeLDWWxM5uxoqjc4EwP 5kCa/Vo+d+l6UvSbk2KNqqcWapfVIgDpPGqkFADDQ+UfUfFAOaRj6xV1siBjxgDE ONJbFQIlrXBPWXDnDC5uKycrpdTQGojHuhK+7mLejOHMIc7oT/Fvt3IOMrNn4EVE /frwqAit/n2WkeU52poljl/w6d56Bx2+i33pJy98zYKaOi+eve3AmnisVGhFgoI= =1dP4 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ