Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87oaosqkgt.fsf@mid.deneb.enyo.de>
Date: Tue, 17 Feb 2015 22:47:14 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request - bitbake

* Maxin John:

> Executing "bitbake -g -u depexp <package>" when DISPLAY is not
> properly set causes segfault and a denial of service (through OOM) via
> a crafted script.
>
> Bug Report URL:
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7299

I'm not sure if this is a security vulnerability in Bitbake.  It's a
build tool, right?  If the build jobs are not constraint externally,
the build commands could cause resource exhaustion in their own right,
I think.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.