oss-sec mailing list archives
Re: CVE Request coreutils
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 21 Jan 2013 13:39:27 -0700
* [2013-01-21 19:17:49 +0100] Moritz Muehlenhoff wrote:
> > Can someone assign a CVE id for a buffer overflow in coreutils?
> > It's the same code snippet (coreutils-i18n.patch) and it affects sort, uniq and join:
> >
> > https://bugzilla.novell.com/show_bug.cgi?id=798538
> > https://bugzilla.novell.com/show_bug.cgi?id=796243
> > https://bugzilla.novell.com/show_bug.cgi?id=798541
>
> Could you send the faulty patch to the list so that distros can validate that they don't include it themselves?
Red Hat/Fedora do include this patch, so it's more than just SUSE that ships them. However, when I was looking at them last week, this struck me as just a non-exploitable crash and unless I'm missing something, I think it would be quite the stretch to call it a security flaw.

--
Vincent Danen / Red Hat Security Response Team