oss-sec mailing list archives

Re: CVE Request coreutils

From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 21 Jan 2013 19:17:49 +0100

Hi Sebastian,

Can someone assign a CVE id for a buffer overflow in coreutils?
Its the same code snippet (coreutils-i18n.patch) and it affects sort, uniq and join:

https://bugzilla.novell.com/show_bug.cgi?id=798538
https://bugzilla.novell.com/show_bug.cgi?id=796243
https://bugzilla.novell.com/show_bug.cgi?id=798541


Could you send the faulty patch to the list so that distros can validate
that they don't include it themselves?

Cheers,
        Moritz

Current thread:

CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
  - Re: CVE Request coreutils Kurt Seifried (Jan 21)
  - Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
    - Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
  - Re: CVE Request coreutils Vincent Danen (Jan 21)
    - Re: CVE Request coreutils Kurt Seifried (Jan 21)
    - Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
    - Re: CVE Request coreutils Vincent Danen (Jan 22)
    - Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
    - Re: CVE Request coreutils Vincent Danen (Jan 23)
    - Re: CVE Request coreutils Florian Weimer (Jan 22)
    - Re: CVE Request coreutils Florian Weimer (Jan 22)
  - Re: CVE Request coreutils Sebastian Krahmer (Jan 22)