This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.

From: Will Newton <will dot newton at linaro dot org>
To: Allan McRae <allan at archlinux dot org>
Cc: Russ Allbery <rra at stanford dot edu>, Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 13 Sep 2013 09:28:13 +0100
Subject: Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
Authentication-results: sourceware.org; auth=none
References: <522F1BA7 dot 7070102 at linaro dot org> <CAAHN_R0gdT6M=gq=yTWV5xZ47eEu1iDRQXMKK1sKNk_i-PEVaA at mail dot gmail dot com> <CANu=Dmh4QkKogpXHO0P2YN2szLhQuyVz+UnYGzgcbpj+ODKKOw at mail dot gmail dot com> <CAAHN_R0SXm8RMQGDw+ASBZRH9bNvfzng0Vp+6CUpV2NM+m_KzA at mail dot gmail dot com> <CANu=Dmivg6AY+_jLmQYomvod4iEU5EK=XWsZHHtgP9hB-D2k9w at mail dot gmail dot com> <CAAHN_R3nYeCUXm0Pn0JLpb3hiUX1wO7cUqVD-QNdc=uzorV8Xw at mail dot gmail dot com> <87ob7yhjcj dot fsf at windlord dot stanford dot edu> <CANu=DmivEL2aBmZtO+t4oAVTPmqMcgrzZC+oPcFZC4CMBQqB-Q at mail dot gmail dot com> <52324051 dot 70208 at archlinux dot org>

On 12 September 2013 23:29, Allan McRae <allan@archlinux.org> wrote:
> On 12/09/13 17:24, Will Newton wrote:
>> On 12 September 2013 03:19, Russ Allbery <rra@stanford.edu> wrote:
>>> Siddhesh Poyarekar <siddhesh.poyarekar@gmail.com> writes:
>>>> On 11 September 2013 16:02, Will Newton <will.newton@linaro.org> wrote:
>>>
>>>>> I'm not sure what the process is here, MAINTAINERS on the wiki has a
>>>>> link to CERT, but I aware that there are folks who work for CVE issuing
>>>>> authorities on this list. ;-)
>>>
>>>> I've seen people emailing requests for CVE numbers on the oss-security
>>>> mailing list (oss-security at lists dot openwall dot com).
>>>
>>> For some reason, this document is remarkably hard to find in Google, but
>>> here's the process:
>>>
>>>     https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
>>
>> Thanks, the issue has been assigned CVE-2013-4332.
>>
>
> Now there is a CVE assigned, it would be good to add a NEWS entry saying
> it has been fixed.

Done.

-- 
Will Newton
Toolchain Working Group, Linaro

References:
- [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Will Newton
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Siddhesh Poyarekar
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Will Newton
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Siddhesh Poyarekar
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Will Newton
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Siddhesh Poyarekar
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Russ Allbery
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Will Newton
- Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
  - From: Allan McRae

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]