Date: Tue, 05 Aug 2014 15:50:32 +1000 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com CC: submit@...ec.org Subject: CVE request: issues in ISO C++ 2011 regex library Hello, Maksymilian Arciemowicz reported a number of issues in the ISO C++ 2011 regex libraries: http://seclists.org/fulldisclosure/2014/Aug/1 Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582 http://llvm.org/bugs/show_bug.cgi?id=20291 For the memory corruption bug (61582), there seems to be more than one issue here (at least a heap-based buffer overflow and a stack overflow of some sort). Can a single CVE be assigned, or do you need specific details for each issue (I don't currently have those)? With GCC 4.8 in Fedora, the affected program needs to be compiled using the "-std=c++11" option. Thanks, -- Murray McAllister / Red Hat Product Security https://bugzilla.redhat.com/show_bug.cgi?id=1126688 https://bugzilla.redhat.com/show_bug.cgi?id=1126691 https://bugzilla.redhat.com/show_bug.cgi?id=1126695
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.