Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Mar 2016 13:01:38 -0500 (CDT)
From: Bob Friesenhahn <>
To: oss-security <>
Subject: Re: Re: CVE-Request - GNU Awk.

On Mon, 14 Mar 2016, Kurt Seifried wrote:

> Is a SIGSEGV on it's own enough to justify a CVE? For some apps the answer
> would be yes (e.g. a single threaded network service that crashes out). For
> something like gawk I'm not so sure, it's a local utility that shouldn't

I don't see a security issue here.  It is just a bug.  In order for it 
to be a security issue, it needs to be caused by external data input 
into the program (e.g data processed by the awk script).  This would 
also apply to a network service which has a bug and crashes due to 
something other than specific external input (e.g. resource leak).

Bob Friesenhahn,
GraphicsMagick Maintainer,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.