
List:       oss-security
Subject:    Re: [oss-security] CVE Assignment (gnustep)
From:       Dan Rosenberg <dan.j.rosenberg () gmail ! com>
Date:       2010-05-07 14:20:55
Message-ID: u2p4a6942471005070720x9fcbe9e7h3a8bc971531ccd8e () mail ! gmail ! com

Note that there's a second bug in there - a potentially exploitable
integer overflow leading to heap overflow when reading a file (or
socket) with a very large number of lines, causing several malloc()
calls to underallocate space.  This should probably receive a second
CVE.

http://article.gmane.org/gmane.comp.lib.gnustep.bugs/12379

-Dan

On Fri, May 7, 2010 at 9:04 AM, Josh Bressers <bressers@redhat.com> wrote:
> A file contents disclosure flaw was found when gdomap is suid root:
>
> https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108
> http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
>
> I assigned CVE-2010-1457 to this.
>
> Thanks.
>
> --
>    JB
>
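
The bug class described in the message above (a line count multiplied by an element size wrapping, so malloc() returns a buffer smaller than the later writes assume), shown as an added example that is not part of the original message and not code from gnustep-base. The function names, the 32-bit count and the max_lines cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked pattern: the byte count for `nlines` entries is computed in
 * 32-bit unsigned arithmetic and silently wraps modulo 2^32. */
uint32_t wrapped_size(uint32_t nlines, uint32_t elem_size)
{
    return nlines * elem_size;
}

/* Checked multiply: returns 0 and stores the product, or -1 on overflow. */
int checked_size(size_t nlines, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && nlines > SIZE_MAX / elem_size)
        return -1;
    *out = nlines * elem_size;
    return 0;
}

/* Build a table of pointers to the start of each line in buf[0..len).
 * Rejects inputs with more than max_lines lines (a policy cap chosen by
 * the caller) and any count whose table size would overflow size_t.
 * Returns NULL on rejection or allocation failure; the caller frees. */
const char **build_line_table(const char *buf, size_t len,
                              size_t max_lines, size_t *out_n)
{
    size_t n = 0, bytes, i, k = 0;
    const char **table;

    for (i = 0; i < len; i++)        /* a line starts at 0 and after '\n' */
        if (i == 0 || buf[i - 1] == '\n')
            if (++n > max_lines)
                return NULL;         /* stop counting once over the cap */
    if (n == 0 || checked_size(n, sizeof *table, &bytes) != 0)
        return NULL;
    table = malloc(bytes);
    if (table == NULL)
        return NULL;
    for (i = 0; i < len; i++)
        if (i == 0 || buf[i - 1] == '\n')
            table[k++] = buf + i;    /* same predicate as the count: k <= n */
    *out_n = n;
    return table;
}
```

With a 32-bit count, 0x20000001 entries of 8 bytes wrap to a request of 8 bytes, which is the underallocation the checked path refuses.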
