Date: Thu, 31 Jul 2014 11:34:24 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Re: [CVE request] Array allocation fixes in libgfortran On 07/24/2014 04:08 AM, cve-assign@...re.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> several CVE-2002-0391-style integer overflows in array allocation in >> libgfortran >> >> https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721 > > Use CVE-2014-5044. Thanks. The fixes have been backported to GCC 4.8 and 4.9: https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html > It seems fairly clear that there is only one CVE ID needed. However, > can you clarify what definition of "CVE-2002-0391-style integer > overflows" you were using? We think you might mean: > > - any integer overflow caused by multiplying the number of elements > in an array by the size of a single element > > - this includes, but isn't limited to, cases where the array > elements represent arguments The first, combined with the fact that the overflowing calculation is used to compute byte sizes for memory allocation purposes. -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ