Date: Mon, 17 Apr 2017 13:35:26 -0700
From: Kenton Varda <kenton@...udflare.com>
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com, Tom Lee <debian@...lee.co>
Subject: Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization

Hi,

This has been assigned: CVE-2017-7892

Apologies for failing to follow the list guidelines.

Thanks,
-Kenton

On Mon, Apr 17, 2017 at 11:07 AM, Solar Designer <solar@...nwall.com> wrote:

> On Mon, Apr 17, 2017 at 10:35:51AM -0700, Kenton Varda wrote:
> > Whoops, apparently I'm supposed to use the web form now. Sorry!
>
> Yes, but many of us in here care(d) about being notified of security
> issues much more than about CVEs, hence as a moderator I approved your
> posting anyway. Once you've obtained the CVE ID from MITRE, please post
> it to this same thread as a "reply".
>
> > On Mon, Apr 17, 2017 at 10:32 AM, Kenton Varda <kenton@...udflare.com> wrote:
> > > Full details and fix covered here: https://github.com/sandstorm-i
> > > o/capnproto/blob/master/security-advisories/2017-04-17-0-
> > > apple-clang-elides-bounds-check.md
>
> The lack of detail in your posting goes against published oss-security
> guidelines, which are:
>
> http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines
>
> "At least the most essential part of your message (e.g., vulnerability
> detail and/or exploit) should be directly included in the message itself
> (and in plain text), rather than only included by reference to an
> external resource. Posting links to relevant external resources as well
> is acceptable, but posting only links is not. Your message should
> remain valuable even with all of the external resources gone."
>
> Here's the "unbroken" GitHub URL:
>
> https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> and I've attached to this message the "raw" (text) version from:
>
> https://raw.githubusercontent.com/sandstorm-io/capnproto/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> as text/plain.
>
> Thanks,
>
> Alexander
>