Message-ID: <20181023180945.GA13330@lorien.valinor.li>
Date: Tue, 23 Oct 2018 20:09:45 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Buffer overflow in cabextract/libmspack (Fwd: New
 cabextract 1.8 and libmspack 0.8 release)

Hi

FTR, three CVEs were assigned by MITRE, whereas one is explicitly
marked as DISPUTED, because upstream makes clear in the changelog
entry, that the chmextract utility is more an example code how to use
the library rather than "productised" binaries. Still a CVE was
assigned for downstreams using it as such.

Here are the assignments:

CVE-2018-18584:
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2

CVE-2018-18585:
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f

CVE-2018-18586:
https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d

Regards,
Salvatore
