Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 May 2015 07:35:51 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: CVE request: libarchive: Out of bounds read using malformed cpio
 archive

Hi

Could a CVE be assigned for the following issue in libarchive:

Advisory by Paris Zoumpouloglou:
http://seclists.org/fulldisclosure/2015/Apr/102

Upstream bugreport (including reproducer for the issue):
https://github.com/libarchive/libarchive/issues/502

Fixing commit:
https://github.com/libarchive/libarchive/commit/e6c9668f3202215ddb71617b41c19b6f05acf008

Additional reference in Red Hat's bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1216891

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.