Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 Feb 2016 11:19:14 +0400
From: Stepan Golosunov <stepan@...osunov.pp.ru>
To: oss-security@...ts.openwall.com
Cc: security@...ian.org, Salvatore Bonaccorso <carnil@...ian.org>
Subject: CVE request - buffer overflow in xdelta3 before 3.0.9

Hi,

Buffer overflow was found and fixed in xdelta3 binary diff tool that
allows arbitrary code execution from input files at least on some
systems.

08.02.2016 в 06:57:12 +0100 Salvatore Bonaccorso написал:
> On Sun, Feb 07, 2016 at 07:05:12PM +0400, Stepan Golosunov wrote:
> > This appears to be fixed in xdelta3 3.0.9 and later via
> > https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
> 
> Can you request a CVE as well on the oss-security mailinglist or from
> MITRE directly? (You can keep us in the loop).

Doing so.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ