oss-sec mailing list archives
Re: CVE request: directory traversal flaw in patch
From: Martin Prpic <mprpic () redhat com>
Date: Tue, 20 Jan 2015 17:29:25 +0100
cve-assign () mitre org writes:
> On Wed, 14 Jan 2015, Martin Prpic wrote:
>
>> Hi,
>>
>> A directory traversal flaw was reported in patch:
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
>> https://bugzilla.redhat.com/show_bug.cgi?id=1182154
>>
>> Could a CVE please be assigned to this issue?
>>
>> Thank you.
>>
>> --
>> Martin Prpič / Red Hat Product Security
>
> Use CVE-2015-1196.
>
> ---
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Hi! I think these issues in patch also deserve CVEs:

https://savannah.gnu.org/bugs/?44051
"With a specific file, patch goes to infinite loop and eats all CPU time."

https://savannah.gnu.org/bugs/?44051
"Got an other issue which output this before segfault:
patching file util.h
Ran out of memory using Plan A -- trying again...
patching file util.h
Segmentation fault"

http://git.savannah.gnu.org/cgit/patch.git/commit/?id=44a987e02f04b9d81a0db4a611145cad1093a2d3
"Add line number overflow checking. Based on Robert C. Seacord's INT32-C document for integer overflow checking and Tobias Stoeckmann's "integer overflows and oob memory access" patch for FreeBSD."

Thank you!

--
Martin Prpič / Red Hat Product Security

Current thread:
- CVE request: directory traversal flaw in patch Martin Prpic (Jan 14)
- Re: CVE request: directory traversal flaw in patch cve-assign (Jan 18)
- Re: CVE request: directory traversal flaw in patch Martin Prpic (Jan 20)
- Re: CVE request: directory traversal flaw in patch cve-assign (Jan 22)