Date: Tue, 15 Mar 2016 18:43:07 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: La??l Cellier <lael.cellier@...oste.net> Subject: Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished cve-2016-2324 and cve-2016-2315) Thanks for bringing this to oss-security. On Tue, Mar 15, 2016 at 03:55:37PM +0100, La??l Cellier wrote: > Hello, original report describing the overflow is here > http://pastebin.com/UX2P2jjg Going forward, please post the actual content directly to oss-security, not (only) via reference. I've attached the contents of this pastebin to this message, so that it's properly archived. (No idea why you had "cve" obfuscated with Unicode, but I undid that.) Alexander View attachment "cve-2016-2315.c" of type "text/x-c" (1674 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ