
List:       oss-security
Subject:    [oss-security] Re: CVE Request: No demangling of untrusted binaries (2)
From:       Marcel_Böhme <boehme.marcel () gmail ! com>
Date:       2016-06-30 13:58:13
Message-ID: 8F926CD5-3628-4E1D-89B7-CAA0F98D63DE () gmail ! com

Hi,

> On 30 Jun 2016, at 9:44 PM, cve-assign@mitre.org wrote:
> 
> Use CVE-2016-6131.
> 
> As far as we can tell, there was only one vulnerability reported here.
Yes. This was a CVE request for only one vulnerability that was reported here.

> We don't understand the reference to "All vulnerabilities were found
> with" - this seems to imply more than one vulnerability. Also, we
> don't understand the parenthesized numbers such as "No demangling of
> untrusted binaries (2)" in the Subject line, and "Libiberty Demangler
> segfaults (6)" and "Fix fir PR71696 in Libiberty Demangler (6)" in the
> references.
Moreover, this was also meant as a small update on the progress of the other vulnerabilities in
GNU Libiberty that have been reported and assigned CVEs previously (and assigning credit to the
tool we used; http://seclists.org/oss-sec/2016/q2/238).

Thanks!
- Marcel

