> On Jan 15, 2019, at 03:06, Moritz Muehlenhoff <j...@inutil.org> wrote: > > On Mon, Jan 14, 2019 at 08:45:56PM -0500, Evan Miller wrote: >> Oddly, all four issues (#34, #35, #36, #37) seem to have disappeared from >> GitHub. I don’t know if the original reporter intended to close them, or >> what. >> >> I have an email copy of #34 but do not have access to the PoC files. So >> without the cooperation of the reporter (Zhao Liang, Huawei Weiran Labs) my >> ability to research will be limited. > > That's really strange, do you have the mail address of Zhao, could you ask > him what happened?
His address may be leon.zha...@gmail.com - I’ll try it. His GitHub profile is now a 404. > > MITRE doesn't archive security content per se, they only deal with the > organisation and assignment > of numbers. The Internet Archive's Wayback machine also hasn't archived the > Github pages. > > Cheers, > Moritz Here are the Google caches of #34 and #35: https://webcache.googleusercontent.com/search?q=cache:pgRHJwznP7wJ:https://github.com/evanmiller/libxls/issues/34+&cd=1&hl=en&ct=clnk&gl=us&client=safari https://webcache.googleusercontent.com/search?q=cache:5GNSeHQTzEsJ:https://github.com/evanmiller/libxls/issues/35+&cd=1&hl=en&ct=clnk&gl=us&client=safari The PoC links are dead. Looking at the backtraces and the commit fixing #36 and #37 (https://github.com/evanmiller/libxls/commit/24044ad7d7cec8a6a1c2370caad27890121a776e) it is my belief that issues #34 and #35 are NOT fixed. I’ll look into them soon. Evan