chicken-announce

Re: [Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (sele


From: Peter Bex
Subject: Re: [Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)
Date: Sat, 11 May 2013 12:53:01 +0200
User-agent: Mutt/1.4.2.3i

On Wed, May 08, 2013 at 08:18:21PM +0200, Peter Bex wrote:
> Recently, we fixed a problem related to the use of POSIX select(),
> which was assigned CVE-2012-6122.
> See http://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html
> for more details on the original bug.
> 
> We fixed the scheduler, but there remained other places in CHICKEN where
> select() was still in use:
> 
[...]
> 
> These have now also been rewritten in terms of POSIX poll(), where
> available.  This is on all supported platforms except Windows.

This remaining problem has been assigned CVE-2013-2075.

Thanks to Joerg Wittenberger and Florian Zumbiehl for identifying
this problem.

Kind regards,
The CHICKEN Team
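
The change described in this message, replacing select() with poll(), sketched as an added example (not code from CHICKEN or from this post). The function names are hypothetical and the pipe in `main` is constructed for the demo; it shows the FD_SETSIZE bound that makes select() unsafe and a poll()-based wait that works for a descriptor at or above that bound.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() is only safe for 0 <= fd < FD_SETSIZE: FD_SET() on a larger
 * descriptor writes outside the fixed-size fd_set bitmap. */
int fd_fits_in_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* poll() takes the descriptor as a plain int, so no such limit applies.
 * Returns 1 if read() would not block, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
    int rc;
    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0) return rc;
    if (pfd.revents & POLLNVAL) { errno = EBADF; return -1; }
    return 1;
}

/* Demo helper (hypothetical): duplicate fd at a number >= FD_SETSIZE,
 * raising the soft RLIMIT_NOFILE if needed. Falls back to fd itself. */
int dup_above_fd_setsize(int fd)
{
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 64;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        (void)setrlimit(RLIMIT_NOFILE, &rl);   /* best effort */
    }
    int high = fcntl(fd, F_DUPFD, FD_SETSIZE);
    return high >= 0 ? high : fd;
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0) return 1;
    int r = dup_above_fd_setsize(p[0]);
    if (write(p[1], "x", 1) != 1) return 1;
    printf("fd %d: select-safe=%d, poll readable=%d\n",
           r, fd_fits_in_fd_set(r), wait_readable(r, 1000));
    return 0;
}
```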


