Date: Thu, 29 Jan 2015 08:04:58 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Cc: yunlian@...gle.com Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) On mer., 2015-01-28 at 22:20 -0800, Paul Pluzhnikov wrote: > If I was supposed to cry alarm, I would have to cry alarm every time > there is a buffer overflow in glibc, which doesn't seem very useful. Actually, a quick git log --grep "buffer over" in glibc git doesn't reveal that much of them (although in case of CVE-2015-0235 the upstream commit message wasn't even talking of a buffer overflow). Regards, -- Yves-Alexis [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ