tcpdump mailing list archives
Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?
From: Romain Francoise <rfrancoise () debian org>
Date: Fri, 21 Nov 2014 23:01:15 +0100
On Fri, Nov 21, 2014 at 03:47:06PM -0500, Michael Richardson wrote:
It's supposed to happen, but I'm checking. Should be there now. Is cron failing to do it's thing?
Ok, the fixes still aren't on master, but now there's a tcpdump-4.7 branch with the commits I need. So I apparently need all of these? 3f5693a 10 days ago Guy Harris Report a too-long unreachable destination list. 54d2912 10 days ago Guy Harris Not using offsetof() any more, so no need for <stddef.h>. e302ff0 10 days ago Guy Harris Further cleanups. 3e8a443 10 days ago Guy Harris Clean up error message printing. ab4e52b 10 days ago Guy Harris Add initial bounds check, get rid of union aodv. 4038f83 10 days ago Guy Harris Do more bounds checking and length checking. 9255c9b 10 days ago Guy Harris Do bounds checking and length checking. print-aodv.c | 481 ++++++++++++++++++++++++++------------------------------- print-geonet.c | 270 ++++++++++++++++++-------------- print-olsr.c | 56 +++++-- 3 files changed, 417 insertions(+), 390 deletions(-) That's a lot bigger than typical security patches. :(
It's in the tcpdump.org/beta/ directory, but I didn't want to release until the distros had a chance to patch.
But did you notify the distros? Because I didn't get advance notice, and the others haven't released security updates yet either. Thanks, -- Romain Francoise <rfrancoise () debian org> http://people.debian.org/~rfrancoise/ _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Romain Francoise (Nov 21)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Guy Harris (Nov 21)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Michael Richardson (Nov 21)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Romain Francoise (Nov 21)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Romain Francoise (Nov 21)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Michael Richardson (Nov 22)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Michal Sekletar (Nov 23)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Guy Harris (Nov 23)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Romain Francoise (Nov 24)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Guy Harris (Nov 24)
- Message not available
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Romain Francoise (Nov 25)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Michal Sekletar (Nov 25)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Kishore Kumar (Nov 25)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Michal Sekletar (Nov 25)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Michael Richardson (Nov 21)
- Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769? Guy Harris (Nov 21)