oss-sec mailing list archives

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 29 Jan 2015 17:16:21 +0100

On Thu, 29 Jan 2015 08:00:48 -0800
Paul Pluzhnikov <ppluzhnikov () gmail com> wrote:

What is the appropriate forum to cry alarm on?

We are not a distro, and (AFAICT) are not on any of the closed lists.
But maybe we should be.


I'm not on any closed list either, but I agree chrome os people
probably should be on the distros list :-)
I think Solar Designer is the responsible person that manages this.

On the alarm crying it depends. In this case it already was pretty much
public, so forwarding the info here would be appropriate I think. I
assume that's also true for all too-minor-to-worry-too-much-issues.
If these become too much we can always think about another public "post
minor maybe-security-issues-here"-mailing-list. But a lot of minor
issues get posted here already and I think people are fine with it
right now.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Current thread:

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- - - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 29)
    - Please REJECT CVE-2012-6686 Florian Weimer (Feb 24)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 28)
  - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert (Jan 28)
  - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)

(Thread continues...)