Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53E070A8.4040508@redhat.com>
Date: Tue, 05 Aug 2014 15:50:32 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
CC: submit@...ec.org
Subject: CVE request: issues in ISO C++ 2011 regex library

Hello,

Maksymilian Arciemowicz reported a number of issues in the ISO C++ 2011 
regex libraries:

http://seclists.org/fulldisclosure/2014/Aug/1

Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582

http://llvm.org/bugs/show_bug.cgi?id=20291

For the memory corruption bug (61582), there seems to be more than one 
issue here (at least a heap-based buffer overflow and a stack overflow 
of some sort). Can a single CVE be assigned, or do you need specific 
details for each issue (I don't currently have those)?

With GCC 4.8 in Fedora, the affected program needs to be compiled using 
the "-std=c++11" option.

Thanks,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=1126688
https://bugzilla.redhat.com/show_bug.cgi?id=1126691
https://bugzilla.redhat.com/show_bug.cgi?id=1126695

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.