Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 4 May 2015 07:41:38 +0200
From: Hanno Böck <>
To: Salvatore Bonaccorso <>
Cc: OSS Security Mailinglist <>,
  CVE Assignments MITRE <>
Subject: Re: CVE request: libarchive: Out of bounds read
 using malformed cpio archive

On Mon, 4 May 2015 07:35:51 +0200
Salvatore Bonaccorso <> wrote:

> Could a CVE be assigned for the following issue in libarchive:

I've lately reported ~15 different memory access issues in libarchive.
Not sure, do you want to assign CVEs for all of them?

Wanted to wait till everything is fixed and make a big announcement
then, but given that this seems to take longer than expected I don't

Hanno Böck


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.