Date: Tue, 23 Oct 2018 20:09:45 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Hi FTR, three CVEs were assigned by MITRE, whereeas one is explicitly marked as DISPUTED, because upstream makes clear in the changelog entry, that the chmextract utility is more an example code how to use the library rather than "productised" binaries. Still a CVE was assigned for downstreams using it as such. Here are the assignments: CVE-2018-18584: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 CVE-2018-18585: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f CVE-2018-18586: https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.