Date: Tue, 17 Feb 2015 22:47:14 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Re: CVE-Request - bitbake * Maxin John: > Executing "bitbake -g -u depexp <package>" when DISPLAY is not > properly set causes segfault and a denial of service (through OOM) via > a crafted script. > > Bug Report URL: > https://bugzilla.yoctoproject.org/show_bug.cgi?id=7299 I'm not sure if this is a security vulnerability in Bitbake. It's a build tool, right? If the build jobs are not constraint externally, the build commands could cause resource exhaustion in their own right, I think.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ