Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 30 Jun 2016 21:58:13 +0800
From: Marcel Böhme <>
Subject: Re: CVE Request: No demangling of untrusted binaries (2)


> On 30 Jun 2016, at 9:44 PM, wrote:
> Use CVE-2016-6131.
> As far as we can tell, there was only one vulnerability reported here.
Yes. This was a CVE request for only one vulnerability that was reported here.

> We don't understand the reference to "All vulnerabilities were found
> with" - this seems to imply more than one vulnerability. Also, we
> don't understand the parenthesized numbers such as "No demangling of
> untrusted binaries (2)" in the Subject line, and "Libiberty Demangler
> segfaults (6)" and "Fix fir PR71696 in Libiberty Demangler (6)" in the
> references.
Moreover, this was also meant as a small update on the progress of the other vulnerabilities in GNU Libiberty that have been reported and assigned CVEs previously (and assigning credit to the tool we used;

- Marcel

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ