Date: Thu, 22 Jan 2015 10:14:27 -0500 (EST)
From: cve-assign@...re.org
To: Martin Prpic <mprpic@...hat.com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE request: directory traversal flaw in patch

> Hi!
>
> I think these issues in patch also deserve CVEs:
>
> https://savannah.gnu.org/bugs/?44051
> "With a specific file, patch goes to infinite loop and eats all CPU time."

Use CVE-2014-9637.

> http://git.savannah.gnu.org/cgit/patch.git/commit/?id=44a987e02f04b9d81a0db4a611145cad1093a2d3
> "Add line number overflow checking. Based on Robert C. Seacord's INT32-C
> document for integer overflow checking and Tobias Stoeckmann's "integer
> overflows and oob memory access" patch for FreeBSD."

What is the security impact of this issue? The commit is not immediately
clear.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]