Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 21 Nov 2014 17:37:40 +0300
From: Alexander Cherepanov <>
Subject: Re: cve request: libbfd?

On 21.11.2014 16:15, Vasyl Kaigorodov wrote:
> Has anyone from MITRE had a chance to look into it yet?

They were assigned in other threads, see below.

> On Tue, 11 Nov 2014, Vasyl Kaigorodov wrote:
>> >Directory traversal vulnerability allowing random files deleteion/creation
>> >Upstream tracker:
>> >Upstream patch:;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42

There were two variants of this vulnerability -- file creation with ar 
and file deletion with strip/objcopy. Both are fixed with the commit you 
linked to above.

MITRE assigned CVE-2014-8737 to it here:

>> >Out-of-bounds memory write while processing a crafted "ar" archive
>> >Upstream tracker:
>> >Upstream patch:;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

MITRE assigned CVE-2014-8738 to it here:

Alexander Cherepanov

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.