Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 28 Feb 2018 23:09:51 +0100
From: Hanno Böck <>
Subject: Re: Information on file, sqlite, libarchive, pcre
 issues for CVE IDs assigned by Apple?

On Wed, 28 Feb 2018 21:24:10 +0100
Moritz Muehlenhoff <> wrote:

> Of the IDs mentioned above, only CVE-2017-10989 refers to specific,
> identifiable information. Does anyone on the list have additional
> information on any of these bugs; allowing to map them to upstream
> bug reports/patches?

This only partly answers your question, but the oss-fuzz issues are
handled in a public bug tracker (public as in "they become public once
they're fixed or a deadline has passed" I believe):

You'll find issues in sqlite, file and libarchive there, but of course
that doesn't give you a mapping to the CVEs assigned.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.