Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 13:10:41 +0100
From: Florian Weimer <>
Subject: Re: invalid free in GNU ed before 1.14.1

On 01/12/2017 12:14 PM, Hanno Böck wrote:
> Hi,
> ed 1.14.1 fixes an invalid free, reported here:
> Reproducer:
> echo -e "H\n?\{" | ed
> Found with afl. ed 1.14.1 didn't show any more issues with afl/asan
> fuzzing.
> Not sure if there's any scenario where ed is used with untrusted input.

There is red/ed -r.  I wouldn't rely on it for security isolation, but 
the functionality does exist.

(Debian's APT uses ed scripts for package list diffs, but it doesn't use 
ed to apply them.)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.