Date: Mon, 17 Apr 2017 13:35:26 -0700
From: Kenton Varda <kenton@...udflare.com>
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com, Tom Lee <debian@...lee.co>
Subject: Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization

Hi,

This has been assigned: CVE-2017-7892

Apologies for failing to follow the list guidelines.

Thanks,
-Kenton

On Mon, Apr 17, 2017 at 11:07 AM, Solar Designer <solar@...nwall.com> wrote:

> On Mon, Apr 17, 2017 at 10:35:51AM -0700, Kenton Varda wrote:
> > Whoops, apparently I'm supposed to use the web form now. Sorry!
>
> Yes, but many of us in here care(d) about being notified of security
> issues much more than about CVEs, hence as a moderator I approved your
> posting anyway.  Once you've obtained the CVE ID from MITRE, please post
> it to this same thread as a "reply".
>
> > On Mon, Apr 17, 2017 at 10:32 AM, Kenton Varda <kenton@...udflare.com> wrote:
> > > Full details and fix covered here: https://github.com/sandstorm-i
> > > o/capnproto/blob/master/security-advisories/2017-04-17-0-
> > > apple-clang-elides-bounds-check.md
>
> The lack of detail in your posting goes against published oss-security
> guidelines, which are:
>
> http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines
>
> "At least the most essential part of your message (e.g., vulnerability
> detail and/or exploit) should be directly included in the message itself
> (and in plain text), rather than only included by reference to an
> external resource.  Posting links to relevant external resources as well
> is acceptable, but posting only links is not.  Your message should
> remain valuable even with all of the external resources gone."
>
> Here's the "unbroken" GitHub URL:
>
> https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> and I've attached to this message the "raw" (text) version from:
>
> https://raw.githubusercontent.com/sandstorm-io/capnproto/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> as text/plain.
>
> Thanks,
>
> Alexander
>
