oss-sec mailing list archives
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: Solar Designer <solar () openwall com>
Date: Fri, 30 Jan 2015 03:14:10 +0300
On Fri, Jan 30, 2015 at 01:00:35AM +0100, Hanno B??ck wrote:
At some point I stopped caring too much about CVEs
FWIW, I never cared about them much. But I do care about the confusion and its possible negative impact:
because I felt waiting for them stops me from reporting more issues.
Huh?! IMO, no one should ever wait for a CVE before reporting an issue! If it is possible to get a CVE assigned during an embargo period that would exist anyway, and without disclosing the vulnerability detail to any extra party, great! (e.g. this happens for issues handled via the distros list, where CVEs are currently getting assigned from Red Hat's pool without having to inform any extra party.) If this is not possible, then do without CVE (and one may be assigned when the issue is already public in here). Alexander
Current thread:
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)