Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci

chicken-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci

From:	Moritz Heidkamp
Subject:	Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci]
Date:	Thu, 29 Jan 2015 18:51:34 +0100

On 12 January 2015 17:29 CET, Moritz Heidkamp wrote:

> the substring-index[-ci] procedures of the data-structures unit are
> vulnerable to a buffer overrun attack when passed an integer greater
> than zero as the optional START argument. This issue was fixed in master
> (25db851) and chicken-5 (63d0445) via the patch discussed at
> http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html.

This vulnerability was assigned CVE-2014-9651.

Kind regards,
The CHICKEN team

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci], Moritz Heidkamp, 2015/01/12
- Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci], Moritz Heidkamp, 2015/01/12
- Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci], Moritz Heidkamp <=

Prev by Date: [Chicken-users] maintaining posix-extras
Next by Date: [Chicken-users] Fresh CHICKEN - trouble with readline
Previous by thread: Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci]
Next by thread: Re: [Chicken-users] csc/csi man pages deficient
Index(es):
- Date
- Thread