This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: alloca vs malloc


On Fri, 16 May 2014, Jeff Law wrote:

> > E.g. bug 16618 (something I'd have
> > thought would be a natural case for a CVE - wscanf may not be widely used,
> > but it's still a buffer overrun if wscanf is used -
> More likely nobody's contacted the appropriate folks.  Sounds like it'd be
> worth of a CVE to me.

I'm sort of presuming that some distribution security people are watching 
for newly filed glibc bugs that seem CVE-worthy, and requesting CVEs.

-- 
Joseph S. Myers
joseph@codesourcery.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]