[Bug 2024284] Re: SEGV vulnerability in command-line parser
The attachment "Fix memory initialization using calloc() in place of malloc()" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

** Tags added: patch

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2024284

Title:
  SEGV vulnerability in command-line parser

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptmount/+bug/2024284/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2024284] Re: SEGV vulnerability in command-line parser
Apologies for not responding earlier! This slipped through my emails.

> I know Canonical is also Root CNA, why are you redirecting to another CNA?

Canonical is a CNA, not a Root CNA.

I don't see how an _unprivileged_ attacker could leverage this bug to be a vulnerability. A clear proof of concept example would help demonstrate that this bug can become an exploit.

Making issue public, since the GitHub issue is public
https://github.com/rwpenney/cryptmount/issues/1

** Bug watch added: github.com/rwpenney/cryptmount/issues #1
   https://github.com/rwpenney/cryptmount/issues/1

** Information type changed from Private Security to Public