Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160208071914.GB6074@sghpc.golosunov.pp.ru>
Date: Mon, 8 Feb 2016 11:19:14 +0400
From: Stepan Golosunov <stepan@...osunov.pp.ru>
To: oss-security@...ts.openwall.com
Cc: security@...ian.org, Salvatore Bonaccorso <carnil@...ian.org>
Subject: CVE request - buffer overflow in xdelta3 before 3.0.9

Hi,

Buffer overflow was found and fixed in xdelta3 binary diff tool that
allows arbitrary code execution from input files at least on some
systems.

08.02.2016 в 06:57:12 +0100 Salvatore Bonaccorso написал:
> On Sun, Feb 07, 2016 at 07:05:12PM +0400, Stepan Golosunov wrote:
> > This appears to be fixed in xdelta3 3.0.9 and later via
> > https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
> 
> Can you request a CVE as well on the oss-security mailinglist or from
> MITRE directly? (You can keep us in the loop).

Doing so.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.