CVE request - buffer overflow in xdelta3 before 3.0.9

[Stepan Golosunov <stepan () golosunov pp ru>]

Hi,

Buffer overflow was found and fixed in xdelta3 binary diff tool that
allows arbitrary code execution from input files at least on some
systems.

08.02.2016 в 06:57:12 +0100 Salvatore Bonaccorso написал:
> On Sun, Feb 07, 2016 at 07:05:12PM +0400, Stepan Golosunov wrote:
> > This appears to be fixed in xdelta3 3.0.9 and later via
> > https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
>
> Can you request a CVE as well on the oss-security mailinglist or from
> MITRE directly? (You can keep us in the loop).

Doing so.