oss-sec mailing list archives

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

From: Jan Schaumann <jschauma () netmeister org>
Date: Thu, 29 Jan 2015 13:33:10 -0500

Paul Pluzhnikov <ppluzhnikov () gmail com> wrote:

If I was supposed to cry alarm, I would have to cry alarm every time
there is a buffer overflow in glibc, which doesn't seem very useful.


How about a general guideline along the lines of "if the commit message
says it fixes a vulnerability, reference the CVE; if no CVE can be
found, request one"?

-Jan

Attachment: _bin
Description:

Current thread:

R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- - - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)