Date: Tue, 20 Jan 2015 17:29:25 +0100
From: Martin Prpic <>
Subject: Re: CVE request: directory traversal flaw in patch writes:

> On Wed, 14 Jan 2015, Martin Prpic wrote:
>> Hi,
>> A directory traversal flaw was reported in patch:
>> Could a CVE please be assigned to this issue? Thank you.
>> --
>> Martin Prpič / Red Hat Product Security
> Use CVE-2015-1196.
> ---
> CVE assignment team, MITRE CVE Numbering Authority M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through ]


I think these issues in patch also deserve CVEs:
"With a specific file, patch goes to infinite loop and eats all CPU time."
"Got another issue which output this before segfault: patching file util.h

Ran out of memory using Plan A -- trying again...

patching file util.h
Segmentation fault"
"Add line number overflow checking. Based on Robert C. Seacord's INT32-C document for integer overflow checking and Tobias Stoeckmann's "integer overflows and oob memory access" patch for FreeBSD."

Thank you!

Martin Prpič / Red Hat Product Security
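
The line number overflow checking mentioned in the last quoted item follows the INT32-C pattern of testing operands before the arithmetic is performed. The C sketch below is an added illustration, not code from GNU patch or from the FreeBSD patch; the `lineno_t` type, the function names and the `first,count` range format are assumptions made for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>

/* Assumption: line numbers are held in a signed long (hypothetical type). */
typedef long lineno_t;
#define LINENO_MAX LONG_MAX

/* INT32-C precondition test: check before adding, never after. */
static bool lineno_add(lineno_t a, lineno_t b, lineno_t *out)
{
    if (a < 0 || b < 0 || a > LINENO_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Parse a decimal line number; fail instead of wrapping on huge input. */
static bool parse_lineno(const char **s, lineno_t *out)
{
    const char *p = *s;
    lineno_t n = 0;
    if (!isdigit((unsigned char)*p))
        return false;
    for (; isdigit((unsigned char)*p); p++) {
        int d = *p - '0';
        if (n > (LINENO_MAX - d) / 10) /* n * 10 + d would overflow */
            return false;
        n = n * 10 + d;
    }
    *s = p;
    *out = n;
    return true;
}

/* Parse a constructed "first,count" hunk range and compute its last line. */
bool hunk_last_line(const char *range, lineno_t *last)
{
    lineno_t first, count;
    if (!parse_lineno(&range, &first) || *range++ != ',')
        return false;
    if (!parse_lineno(&range, &count) || *range != '\0')
        return false;
    return lineno_add(first, count > 0 ? count - 1 : 0, last);
}
```

A caller that gets `false` back should reject the hunk rather than continue with a wrapped value, since a wrapped line number later used as an index is what leads to out-of-bounds memory access.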
