Date: Thu, 9 May 2013 15:03:38 +0200
From: Peter Bex <Peter.Bex@...all.nl>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)

On Wed, May 08, 2013 at 11:07:02PM +0200, Peter Bex wrote:
> There are two commits which together fix the bug:
> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7
> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091

Correction, this introduced a bug on systems where connect() can return
EINPROGRESS, resulting in an exception being raised when connecting to a
socket and immediately writing to it. A third patch is required to fix
this bug:
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f

Cheers,
Peter
--
http://www.more-magic.net