Re: [Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)
Sat, 11 May 2013 12:53:01 +0200
On Wed, May 08, 2013 at 08:18:21PM +0200, Peter Bex wrote:
> Recently, we fixed a problem related to the use of POSIX select(),
> which was assigned CVE-2012-6122.
> See http://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html
> for more details on the original bug.
> We fixed the scheduler, but there remained other places in CHICKEN where
> select() was still in use:
> These have now also been rewritten in terms of POSIX poll(), where
> available. This is on all supported platforms except Windows.
This remaining problem has been assigned CVE-2013-2075.
Thanks to Joerg Wittenberger and Florian Zumbiehl for identifying
The CHICKEN Team