Date: Thu, 30 Jun 2016 21:58:13 +0800
From: Marcel Böhme <boehme.marcel@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com, florian@...h-krohm.de, nickc@...hat.com, bschmidt@...hat.com
Subject: Re: CVE Request: No demangling of untrusted binaries (2)

Hi,

> On 30 Jun 2016, at 9:44 PM, cve-assign@...re.org wrote:
>
> Use CVE-2016-6131.
>
> As far as we can tell, there was only one vulnerability reported here.

Yes. This was a CVE request for only one vulnerability that was reported here.

> We don't understand the reference to "All vulnerabilities were found
> with" - this seems to imply more than one vulnerability. Also, we
> don't understand the parenthesized numbers such as "No demangling of
> untrusted binaries (2)" in the Subject line, and "Libiberty Demangler
> segfaults (6)" and "Fix fir PR71696 in Libiberty Demangler (6)" in the
> references.

Moreover, this was also meant as a small update on the progress of the other vulnerabilities in GNU Libiberty that have been reported and assigned CVEs previously (and assigning credit to the tool we used; http://seclists.org/oss-sec/2016/q2/238).

Thanks!
- Marcel