oss-sec mailing list archives
Re: CVE Assignment (gnustep)
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 7 May 2010 10:20:55 -0400
Note that there's a second bug in there - a potentially exploitable integer overflow leading to heap overflow when reading a file (or socket) with a very large number of lines, causing several malloc() calls to underallocate space. This should probably receive a second CVE. http://article.gmane.org/gmane.comp.lib.gnustep.bugs/12379 -Dan On Fri, May 7, 2010 at 9:04 AM, Josh Bressers <bressers () redhat com> wrote:
A file contents disclosure flaw was found when gdomap is suid root: https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108 http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336 I assigned CVE-2010-1457 to this. Thanks. -- JB
Current thread:
- CVE Assignment (gnustep) Josh Bressers (May 07)
- Re: CVE Assignment (gnustep) Dan Rosenberg (May 07)
- Re: CVE Assignment (gnustep) Josh Bressers (May 07)
- Re: CVE Assignment (gnustep) Dan Rosenberg (May 07)