oss-security - Re: Fuzzy CVE's in GNU inetutils

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Sun, 16 Jan 2022 15:49:29 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fuzzy CVE's in GNU inetutils

On 1/16/22 00:54, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Fri, Jan 14, 2022 at 06:56:13PM -0800, Alan Coopersmith wrote:
>> I noticed a number of new CVE's recently published against GNU inetutils,
>> which seem to correspond to the results of fuzz testing that were mailed
>> out in December, as seen on
>> https://lists.gnu.org/archive/html/bug-inetutils/2021-12/threads.html
> 
> In fact all of those were REJECTED again (with a "Further
> investigation showed that it was not a security issue" reason).

Thanks, I see they've all been updated since I checked on Friday.

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.