Date: Thu, 27 Aug 2015 11:56:09 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2015-5237: Integer overflow in protobuf serialization (currently minor) https://github.com/google/protobuf/issues/760 This is currently not intended to be addressed upstream, which is a bit disappointing. It's true that this issue does not have much exposure right now, but in a couple of years, the message sizes involved will not seem so gigantic anymore. And as explained in the bug report, fixing this will be difficult because it involves updating generated code; it won't be a simple library update. -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.