Date: Thu, 29 Jan 2015 07:27:58 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com,
 Mitre CVE assign department <cve-assign@...re.org>
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

On 01/29/2015 03:17 AM, Florian Weimer wrote:
>> Use CVE-2012-6686 for "unbound alloca use in glob_in_dir" as covered
>> by Red Hat Bugzilla ID 797096.
>
> Oh, it seems Huzaifa posted the wrong Bugzilla reference.
>
Yes, sorry wrong bz.

> We still need assignment for this fix:
>
> <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7>
>
> The matching Red Hat Bugzilla bug is:
>
> <https://bugzilla.redhat.com/show_bug.cgi?id=981942>

The above is the correct bug with the corresponding impact at:
https://bugzilla.redhat.com/show_bug.cgi?id=1186614

MITRE, Can we still use the above CVE for this issue?

>
> I haven't yet seen an upstream bug for it; this change happened before
> upstream required bugs being filed for all user-visible changes.
>

--
Huzaifa Sidhpurwala / Red Hat Product Security Team