|
Message-Id: <8F926CD5-3628-4E1D-89B7-CAA0F98D63DE@gmail.com> Date: Thu, 30 Jun 2016 21:58:13 +0800 From: Marcel Böhme <boehme.marcel@...il.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com, florian@...h-krohm.de, nickc@...hat.com, bschmidt@...hat.com Subject: Re: CVE Request: No demangling of untrusted binaries (2) Hi, > On 30 Jun 2016, at 9:44 PM, cve-assign@...re.org wrote: > > Use CVE-2016-6131. > > As far as we can tell, there was only one vulnerability reported here. Yes. This was a CVE request for only one vulnerability that was reported here. > We don't understand the reference to "All vulnerabilities were found > with" - this seems to imply more than one vulnerability. Also, we > don't understand the parenthesized numbers such as "No demangling of > untrusted binaries (2)" in the Subject line, and "Libiberty Demangler > segfaults (6)" and "Fix fir PR71696 in Libiberty Demangler (6)" in the > references. Moreover, this was also meant as a small update on the progress of the other vulnerabilities in GNU Libiberty that have been reported and assigned CVEs previously (and assigning credit to the tool we used; http://seclists.org/oss-sec/2016/q2/238). Thanks! - Marcel
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.