Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 22 Nov 2016 19:17:13 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: libdwarf: negation overflow in dwarf_leb.c

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c

> dwarf_leb.c:306:19: runtime error: negation of -9223372036854775808 cannot be
> represented in type 'Dwarf_Signed' (aka 'long long')

> https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5

> libdwarf/dwarf_leb.c 
> dwarfdump/print_frames.c 

Use CVE-2016-9558.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYNN5vAAoJEHb/MwWLVhi2GfkP/jgNLEYfq0Q32Eo1nHbEkMUz
w2mmoTJn9AUDZMrcBvO8ir4o8NXFrQBx2VbDgwWKH2ba8fXq2hlVGc3n3TDaLxp3
QfqMowvu0dZw78L6sPWBEwsVh5wzmAQOV5ORoLJhe4vT+UQgTeze8uRtpiM8TxmQ
09oSpDfZtlY1YCreHb5wgkZoBUxwu/wmFSFWw7LNh20fPfaVtfzn/wUbjnhfF6Et
5yYhY6pcMnOmZoXqpbXvCNi3iLJHaWAVbbME3lL4shmG4ZnnYq/DmIGBqtu9t0zu
gqvfT9ZqFkenxdTBAWKtwFY+4His6ORl3xwYUgxkNaINPDTew9lx49XvpYi20wB7
SQSbc0pfY3vv+Xe3Svu8JtcFK/0QL1dBWns79OafFnF6Th721o1FNsz6vSWTp0TW
01voipBiOq8tv3eF/oAGO9ENJv6l/GQXAy1vy0vfS4HXDechPxTNgG3jm1DrM/WH
X2oezB+KKQdxGc03N48oewPy+GHcaZm48XdLkrCARBLaP2scTIeW62Xx1LrclaGX
Frn8w5JDYe2CHuk6+h7XsY/WVdMDO9akjZiImuey/LJJ5Hja+VCYqeG3cLlLK72A
drA2E9FBuphjZEy6qjYroy6X+vxQhFxuEQVC07yaygT/2ySSNP4ujRAQvQZKszSt
kyslnffeY07X+QLx5GNi
=00TY
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ