Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 15 Oct 2016 22:56:54 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: potrace: invalid memory access in findnext (decompose.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/

> SEGV on unknown address

> 0x7fd7ec5bcbf3 in findnext ... potrace-1.13/src/decompose.c:436:11
> 0x7fd7ec5bcbf3 in getenv ... potrace-1.13/src/decompose.c:478

Use CVE-2016-8685.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYAud1AAoJEHb/MwWLVhi2ScEP/3lo1mPD67U4CEoptEWB4GRo
yalqHOyd5Gs5X+D/lV2upZded+s3W2mRZ8ubu0S8bQdhkSbEHH4tX+ovPzV6LaAb
GNwYTSr1uCOGZCKRlN1HdU7NzQvjeAUi4w2JJBpV+XpTe21cEAopLH4w41Xwue4X
Wl3U5rF9dRVaqRng1LX56nC9bvHiVGe+DcbmpY46AosSIdTrXiBMi5KtHLgKTE6S
iYu5nTeIpK8DNsgDSPa9tqdsqxvihrF+xey5rPn02dHFumKJQOCis04VwOxgFtQG
8WGYob2bhXlxC1+AZcSox5BgIE5hS3MttouVmeqSviSSq1SO/QRF+Qu34iZZcCuI
573spEard0RIkqcY+RvVij8W2H6507P1fBZKLMjFxhDz4pR5hj6kjArRRL7X0LA8
WiS4wGK6l33mmUCwAzTfJTrmWlRO5qbJwaM7pGCo3d4BRwdmmq/sTv4Sov2txMxw
PFtj0FL44QAkuKEjcNp4lbLCF6XE3MB6cfeTnfjyya1evuSP5URD8SUHRB42Kjb5
FrCUOs2wYKVBOjtUabLKt9mrciBLqarEzXbbY1BWAqmOh8vBDyHGXLQL9oS4GT9E
BRhuq6CtPdH9+u5UKKSe3/TCQUcvmWNDowQcEqnnIgT7hxm+HGo/iz+9uIFj9ZgQ
kWGGXBvz+mQSlqdBJEW8
=odv0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ