Date: Thu, 30 Jun 2016 21:58:13 +0800
From: Marcel Böhme <boehme.marcel@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com,
 florian@...h-krohm.de,
 nickc@...hat.com,
 bschmidt@...hat.com
Subject: Re: CVE Request: No demangling of untrusted binaries (2)

Hi,

> On 30 Jun 2016, at 9:44 PM, cve-assign@...re.org wrote:
> 
> Use CVE-2016-6131.
> 
> As far as we can tell, there was only one vulnerability reported here.
Yes. This was a CVE request for only one vulnerability that was reported here.

> We don't understand the reference to "All vulnerabilities were found
> with" - this seems to imply more than one vulnerability. Also, we
> don't understand the parenthesized numbers such as "No demangling of
> untrusted binaries (2)" in the Subject line, and "Libiberty Demangler
> segfaults (6)" and "Fix fir PR71696 in Libiberty Demangler (6)" in the
> references.
Moreover, this was also meant as a small update on the progress of the other vulnerabilities in GNU Libiberty that have been reported and assigned CVEs previously (and assigning credit to the tool we used; http://seclists.org/oss-sec/2016/q2/238).

Thanks!
- Marcel
