Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Jan 2015 07:27:58 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com,
        Mitre CVE assign department <cve-assign@...re.org>
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

On 01/29/2015 03:17 AM, Florian Weimer wrote:

>> Use CVE-2012-6686 for "unbound alloca use in glob_in_dir" as covered
>> by Red Hat Bugzilla ID 797096.
> 
> Oh, it seems Huzaifa posted the wrong Bugzilla reference.
> 

Yes, sorry wrong bz.

> We still need assignment for this fix:
> 
>   <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7>
> 
> The matching Red Hat Bugzilla bug is:
> 
>   <https://bugzilla.redhat.com/show_bug.cgi?id=981942>
The above is the correct bug  with the corresponding impact at:
https://bugzilla.redhat.com/show_bug.cgi?id=1186614

MITRE,

Can we still use the above CVE for this issue?

> 
> I haven't yet seen an upstream bug for it; this change happened before
> upstream required bugs being filed for all user-visible changes.
> 


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ