[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (sele

From: Peter Bex
Subject: Re: [Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)
Date: Sat, 11 May 2013 12:53:01 +0200
User-agent: Mutt/

On Wed, May 08, 2013 at 08:18:21PM +0200, Peter Bex wrote:
> Recently, we fixed a problem related to the use of POSIX select(),
> which was assigned CVE-2012-6122.
> See
> for more details on the original bug.
> We fixed the scheduler, but there remained other places in CHICKEN where
> select() was still in use:
> These have now also been rewritten in terms of POSIX poll(), where
> available.  This is on all supported platforms except Windows.

This remaining problem has been assigned CVE-2013-2075.

Thanks to Joerg Wittenberger and Florian Zumbiehl for identifying
this problem.

Kind regards,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]