Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

2025-04-24 Thread Solar Designer
On Thu, Apr 24, 2025 at 09:06:26PM +0200, Jakub Wilk wrote: > * Solar Designer , 2025-04-24 20:32: > >There appears to be a growing trend towards calling OOB reads "buffer > >overflows". > > Part of the problem may be that AddressSanitizer uses this unfortunate > terminology; you get something l

Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-24 Thread Solar Designer
On Thu, Apr 24, 2025 at 07:09:44PM -0400, Demi Marie Obenour wrote: > On 4/24/25 3:09 AM, Albert Veli wrote: > > On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso > > wrote: > >> FTR, this one has assigned CVE-2025-46394 > >> ... > >> FTR, this one has CVE-2024-58251 assigned. > > > > From w

Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-24 Thread Demi Marie Obenour
On 4/24/25 3:09 AM, Albert Veli wrote: > Hi, > > On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso > wrote: > >> >> FTR, this one has assigned CVE-2025-46394 >> ... >> FTR, this one has CVE-2024-58251 assigned. > > From what I can tell the latest release is busybox-1.37.0. Are these fixed >

Re: [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert()

2025-04-24 Thread Qualys Security Advisory
Hi Solar, all, Sorry for the late reply, and thank you very much for looking into this and for asking all the good questions! What follows is mainly based on scrappy notes from January, but hopefully it will still be useful. On Sun, Apr 13, 2025 at 03:11:48AM +0200, Solar Designer wrote: > On thi

Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

2025-04-24 Thread Jakub Wilk
* Solar Designer , 2025-04-24 20:32: There appears to be a growing trend towards calling OOB reads "buffer overflows". Part of the problem may be that AddressSanitizer uses this unfortunate terminology; you get something like this: ==7802==ERROR: AddressSanitizer: stack-buffer-overflow o

Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

2025-04-24 Thread Solar Designer
Hi, Thank you for bringing this to oss-security! As I also communicated privately, as a moderator I had to repair this message's content prior to approving it because the text/plain section was garbled to the point of being unreadable. This is why the delay (message received April 22, approved A

[oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

2025-04-24 Thread 田世林
A heap buffer overflow vulnerability exists in `QTextMarkdownImporter`. When parsing the front matter of a Markdown file, the code assumes that more characters (e.g., a newline) will be present in the input after finding the closing marker `---`. However, if the input stream ends with the `` de

[oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-24 Thread Ian Norton
On Thursday, 24 April 2025 at 17:16 Albert Veli wrote: > On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso > wrote: > > FTR, this one has assigned CVE-2025-46394 > From what I can tell the latest release is busybox-1.37.0. Are these fixed > in this release? If not, do you have any link to p

[oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-24 Thread Ian Norton
On Wednesday 23 April 2025 at 17:04 Jakub Wilk wrote > > CVE-2023-39810 > But it seems busybox committed a different patch, which looks good: > https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641 > ("archival: disallow path traversals (CVE-2023-39810)") > > The essence of the patch is: > >

Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-24 Thread Albert Veli
Hi, On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso wrote: > > FTR, this one has assigned CVE-2025-46394 > ... > FTR, this one has CVE-2024-58251 assigned. From what I can tell the latest release is busybox-1.37.0. Are these fixed in this release? If not, do you have any link to patches