This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Policy for posting security bug reports?
On Sat, 23 Jun 2012, Rich Felker wrote:
> After attempting to exploit the bug, I've found that a duplicate of
> the exact same integer overflow elsewhere in glibc seems to make it
> impossible to exploit, so I'm just going to post it to the bug
> tracker.
FWIW, I suspect there are quite a few integer overflow bugs still present
in glibc; it would be a good class of bugs for anyone interested in
security auditing to look for (although many such bugs are likely to be
hard to exploit in practice).
--
Joseph S. Myers
joseph@codesourcery.com