oss-sec mailing list archives
Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 10 May 2013 20:18:27 -0600
On 05/09/2013 07:03 AM, Peter Bex wrote:
> On Wed, May 08, 2013 at 11:07:02PM +0200, Peter Bex wrote:
>> There are two commits which together fix the bug:
>> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7
>> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091
>
> Correction, this introduced a bug on systems where connect() can return EINPROGRESS, resulting in an exception being raised when connecting to a socket and immediately writing to it. A third patch is required to fix this bug:
> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f
>
> Cheers,
> Peter

Please use CVE-2013-2075 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993