Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130509130338.GB11765@frohike.xs4all.nl>
Date: Thu, 9 May 2013 15:03:38 +0200
From: Peter Bex <Peter.Bex@...all.nl>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)

On Wed, May 08, 2013 at 11:07:02PM +0200, Peter Bex wrote:
> There are two commits which together fix the bug:
> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7
> http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091

Correction, this introduced a bug on systems where connect() can return
EINPROGRESS, resulting in an exception being raised when connecting to a
socket and immediately writing to it.  A third patch is required to fix
this bug:
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f

Cheers,
Peter
-- 
http://www.more-magic.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.