46744073709551615
(gdb) p len + 1
$2 = 0
We haven't looked yet where the overlap occurs, nor have a patch yet.
I did have to put "set weed=off" in .muttrc for the issue to present.
Cheers,
--
Murray McAllister / Red Hat Product Security
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
cript STDIN/STDOUT/STDERR corruption
due to shared file descriptors."
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222
https://trac.xiph.org/ticket/2089
Cheers,
--
Murray McAllister / Red Hat Product Security
https://bugzilla.redhat.com/show_bug.cgi?id=1165880
=767227
Could a CVE please be assigned?
Thanks,
--
Murray McAllister / Red Hat Product Security
rt:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282
Could a CVE please be assigned?
Thanks,
--
Murray McAllister / Red Hat Product Security
On 06/20/2014 04:02 PM, Salvatore Bonaccorso wrote:
> Hello Murray,
>
> (keeping the Cc on the bugreport to answer this also there):
>
> On Fri, Jun 20, 2014 at 03:46:30PM +1000, Murray McAllister wrote:
> [...]
>> The Debian bug also notes a similar issue was fixed in
http://manpages.ubuntu.com/manpages/precise/man1/softhsm-keyconv.1.html
Cheers,
--
Murray McAllister / Red Hat Product Security
Hi Ondřej,
As noted in <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752092>,
you fixed a similar issue in ldns. Are you able to share details
about what the issue in ldns is?
Thanks,
--
Murray McAllister / Red Hat Product Security
affected, which uses ctags
5.8-10.
Cheers,
--
Murray McAllister / Red Hat Security Response Team
"MACs Not Compared in Constant Time"
"64-bit MACs"
"Editing Configuration File Disables MACs"
There are currently no patches.
I am not familiar enough with cryptography to know if they need CVEs, or
are considered hardening (the last one sounds CVE worthy th
will not allow
cross-origin xmlhttprequests with the content type set to
"application/json" but you can set it to "text/plain;application/json"
instead and bottle will accept it."
Can a CVE please be assigned if one has not been already?
Thanks,
--
Murray McAllister
Hello,
Jakub Wilk discovered that clang's scan-build utility insecurely handled
temporary files. Full details in his report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
Can a CVE please be assigned?
Cheers,
--
Murray McAllister / Red Hat Security Response Team
escaping ';' too if not already?)
Thanks,
--
Murray McAllister / Red Hat Security Response Team
Hi all,
The patch in https://bugzilla.redhat.com/show_bug.cgi?id=881411 possibly
fixes it. I am not familiar with the issue or tested extensively, but
with non-fixed version the page loaded fine, with the version in Fedora
(which that bugzilla is for) I get an SSL error.
--
Murray
filename with O_CREAT and O_EXCL (as perltidy does)?
I am not sure if these qualify for CVEs but I believe the
"perltidy.TMP" on Windows or Mac OS X etc would.
Thanks,
--
Murray McAllister / Red Hat Security Response Team
nt NFS option.
Can a CVE please be assigned if one has not been already?
Thanks,
--
Murray McAllister / Red Hat Security Response Team
https://bugzilla.redhat.com/show_bug.cgi?id=1069066
=60dabde18d7fe12b19da8b509bdfee9cc886aafc
Cheers,
--
Murray McAllister / Red Hat Security Response Team
iff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1056699
Thanks,
--
Murray McAllister / Red Hat Security Response Team
On 02/06/2014 02:59 PM, Murray McAllister wrote:
Hello,
Jakub Wilk reported insecure temporary file use in f2py. From
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>:
""
numpy/f2py/__init__.py contains this code:
from numpy.distutils.exec_command imp
bugzilla.redhat.com/show_bug.cgi?id=1062009
Thanks,
--
Murray McAllister / Red Hat Security Response Team
if a release was
made to fix only part of the problem. So one ID is fine by us.
bug #27155 just contains some gdb output. Therefore I assumed it was
public and didn't check before sending it here.
Thanks for looking at this.
--
Murray McAllister / Red Hat Security Response Team
On 02/03/2014 05:12 PM, Murray McAllister wrote:
Hello,
Jakub Wilk found that a2ps, a tool to convert text and other types of
files to PostScript, insecurely used a temporary file in spy_user(). A
local attacker could use this flaw to perform a symbolic link attack to
modify an arbitrary file
://bugzilla.redhat.com/show_bug.cgi?id=1060630
Thanks,
--
Murray McAllister / Red Hat Security Response Team