oss-sec mailing list archives
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes
From: Hans Bolinder <hans.bolinder () ericsson com>
Date: Mon, 4 Apr 2011 13:38:05 +0200
[Jan Lieskovsky:]
based on:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619857
and:
[2] http://www.erlang.org/download/otp_src_R14B.readme
[3] http://www.erlang.org/download/otp_src_R14B01.readme
[4] http://www.erlang.org/download/otp_src_R14B02.readme

performed some initial issues review -- erlang-CVE-request.txt attached. But since not sure, which of those are real security flaws and how many CVE ids will be needed for those, Cc-ing also Erlang upstream developers to shed more light into this.

...

could you please have a look at the attached review file and reply which of the #20 OTPs in the list are security flaws (so we would know the count of CVE identifiers needed) and which are just bugs? (since you know the Erlang code better than me)

stdlib:
- 20), race condition/silent data corruption in dets OTP-8898
Patch: https://github.com/erlang/otp/commit/4e79fa3b1b6797f2583848d307d6b85cec94a920
Note: Hard to tell if has security implications

It's a bug fix, and I believe it has no security implications.

Best regards,
Hans Bolinder, Erlang/OTP team, Ericsson