Date: Fri, 21 Nov 2014 17:37:40 +0300
From: Alexander Cherepanov <cherepan@...me.ru>
To: oss-security@...ts.openwall.com
Subject: Re: cve request: libbfd?

On 21.11.2014 16:15, Vasyl Kaigorodov wrote:
> Has anyone from MITRE had a chance to look into it yet?

They were assigned in other threads, see below.

> On Tue, 11 Nov 2014, Vasyl Kaigorodov wrote:
>> >Directory traversal vulnerability allowing random files deletion/creation
>> >Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
>> >Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42

There were two variants of this vulnerability -- file creation with ar
and file deletion with strip/objcopy. Both are fixed with the commit you
linked to above.

MITRE assigned CVE-2014-8737 to it here:
http://www.openwall.com/lists/oss-security/2014/11/13/1

>> >Out-of-bounds memory write while processing a crafted "ar" archive
>> >Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
>> >Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

MITRE assigned CVE-2014-8738 to it here:
http://www.openwall.com/lists/oss-security/2014/11/13/2

--
Alexander Cherepanov