bug#27429: Stack clash (CVE-2017-1000366 etc)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From:	Leo Famulari
Subject:	bug#27429: Stack clash (CVE-2017-1000366 etc)
Date:	Thu, 20 Jul 2017 15:13:24 -0400
User-agent:	Mutt/1.8.3 (2017-05-23)

On Thu, Jul 20, 2017 at 05:54:06PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> 
> > This is a place to discuss the "stack crash" bugs as they apply to our
> > packages.
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> 
> I think we can close this bug now, can’t we?

Yeah, I'm closing it.

I think the various mitigations we applied will change and improve over
time, but they can be discussed elsewhere once we know what they are.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27429: Stack clash (CVE-2017-1000366 etc), Ludovic Courtès, 2017/07/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari <=

Prev by Date: bug#27759: NTP pool vendor zone
Next by Date: bug#27735: Lookup by UUID
Previous by thread: bug#27429: Stack clash (CVE-2017-1000366 etc)
Next by thread: bug#27778: Changing package source URLs from git:// to https://
Index(es):
- Date
- Thread