oss-sec mailing list archives
Re: glibc locale escaping issue
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Tue, 8 Mar 2011 17:35:50 -0500 (EST)
On Tue, 8 Mar 2011, Josh Bressers wrote:
I think the line between fix vs enhancement is crossed when we're talking about documented behavior.
Discrepancy between documented behavior and actual behavior - whether an error in the code or an error in the documentation - plus a clear or likely exploit scenario - *especially* for multi-purpose libraries and interpreters - seems reasonable for assigning a CVE.
- Steve
Current thread:
- glibc locale escaping issue Tomas Hoger (Mar 08)
- Re: glibc locale escaping issue Josh Bressers (Mar 08)
- Re: glibc locale escaping issue Steven M. Christey (Mar 08)
- Re: glibc locale escaping issue Josh Bressers (Mar 08)