Date: Mon, 8 Feb 2016 11:19:14 +0400 From: Stepan Golosunov <stepan@...osunov.pp.ru> To: oss-security@...ts.openwall.com Cc: security@...ian.org, Salvatore Bonaccorso <carnil@...ian.org> Subject: CVE request - buffer overflow in xdelta3 before 3.0.9 Hi, Buffer overflow was found and fixed in xdelta3 binary diff tool that allows arbitrary code execution from input files at least on some systems. 08.02.2016 Χ 06:57:12 +0100 Salvatore Bonaccorso ΞΑΠΙΣΑΜ: > On Sun, Feb 07, 2016 at 07:05:12PM +0400, Stepan Golosunov wrote: > > This appears to be fixed in xdelta3 3.0.9 and later via > > https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2 > > Can you request a CVE as well on the oss-security mailinglist or from > MITRE directly? (You can keep us in the loop). Doing so.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ