Date: Tue, 11 Nov 2014 14:15:59 +0100 From: Vasyl Kaigorodov <vkaigoro@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: cve request: libbfd? Hello, In addition to the above, I'd like to request a CVE(s) for the below issues: Directory traversal vulnerability allowing random files deleteion/creation Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42 Out-of-bounds memory write while processing a crafted "ar" archive Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 On Sat, 25 Oct 2014, Michal Zalewski wrote: > Hey, > > You may want to assign something to: > > http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html > http://sourceware.org/bugzilla/show_bug.cgi?id=17510 > > This is slightly complicated by the fact that libbfd is just bad in > general and there likely are dozens of individual bugs, but the > write-to-arbitrary-pointer issues with ELF section parsing in elf.c > sort of stand out. > > /mz [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ