This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Directory traversal in `ar`

From: Alexander Cherepanov <cherepan at mccme dot ru>
To: elfutils-devel at lists dot fedorahosted dot org
Date: Wed, 07 Jan 2015 17:11:51 +0300
Subject: Re: Directory traversal in `ar`

On 2015-01-05 22:16, Alexander Cherepanov wrote:
> On 2014-12-30 01:17, Alexander Cherepanov wrote:
>> On 2014-12-29 03:00, Mark Wielaard wrote:
>>>>> BTW. For patches we require people to follow the guidelines in the
>>>>> CONTRIBUTING file (in particular we require a Signed-off-by line):
>>>>> https://git.fedorahosted.org/cgit/elfutils.git/tree/CONTRIBUTING
>>>>
>>>> Sorry, a better patch attached.
>>>
>>> The patch looks perfect and I agree with your analysis.
>>> Pushed as is to master.
>>
>> Cook, thanks!
>
> Hm, s/Cook/Cool/
>
>> CVE request is here:
>> http://www.openwall.com/lists/oss-security/2014/12/29/2
>
> CVE-2014-9486 is assigned here:
> http://www.openwall.com/lists/oss-security/2015/01/03/9

Hm, two CVEs were erroneously issued for this issue and CVE-2014-9486 
was REJECTed in the end. The right one is CVE-2014-9447.

http://www.openwall.com/lists/oss-security/2015/01/07/3

-- 
Alexander Cherepanov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]