Date: Thu, 22 Jan 2015 10:14:27 -0500 (EST)
From: cve-assign@...re.org
To: Martin Prpic <mprpic@...hat.com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE request: directory traversal flaw in patch


> Hi!
>
> I think these issues in patch also deserve CVEs:
>
> https://savannah.gnu.org/bugs/?44051
> "With a specific file, patch goes to infinite loop and eats all CPU time."


Use CVE-2014-9637.

> http://git.savannah.gnu.org/cgit/patch.git/commit/?id=44a987e02f04b9d81a0db4a611145cad1093a2d3 
> "Add line number overflow checking. Based on Robert C. Seacord's INT32-C 
> document for integer overflow checking and Tobias Stoeckmann's "integer 
> overflows and oob memory access" patch for FreeBSD."

What is the security impact of this issue?  The commit is not immediately 
clear.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
