oss-sec mailing list archives
Re: CVE Request coreutils
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 22 Jan 2013 10:20:31 +0100
I think its this one: http://bit.ly/UOzlmT and the alloca() inside it. Sebastian On Mon, Jan 21, 2013 at 07:17:49PM +0100, Moritz Muehlenhoff wrote:
Hi Sebastian,Can someone assign a CVE id for a buffer overflow in coreutils? Its the same code snippet (coreutils-i18n.patch) and it affects sort, uniq and join: https://bugzilla.novell.com/show_bug.cgi?id=798538 https://bugzilla.novell.com/show_bug.cgi?id=796243 https://bugzilla.novell.com/show_bug.cgi?id=798541Could you send the faulty patch to the list so that distros can validate that they don't include it themselves? Cheers, Moritz
-- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- Re: CVE Request coreutils, (continued)
- Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 22)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 23)
- Re: CVE Request coreutils Florian Weimer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Florian Weimer (Jan 22)