* [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620)
@ 2020-07-12 19:59 Aurelien Jarno
2020-07-12 20:46 ` Florian Weimer
0 siblings, 1 reply; 3+ messages in thread
From: Aurelien Jarno @ 2020-07-12 19:59 UTC (permalink / raw)
To: libc-alpha
---
NEWS | 3 +++
1 file changed, 3 insertions(+)
diff --git a/NEWS b/NEWS
index 92dcb77fef0..cd8a46fdc71 100644
--- a/NEWS
+++ b/NEWS
@@ -159,6 +159,9 @@ Security related changes:
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
+ CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+ memmove functions has been fixed.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by
--
2.27.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620)
2020-07-12 19:59 [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620) Aurelien Jarno
@ 2020-07-12 20:46 ` Florian Weimer
2020-07-13 18:29 ` Carlos O'Donell
0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2020-07-12 20:46 UTC (permalink / raw)
To: Aurelien Jarno; +Cc: libc-alpha
* Aurelien Jarno:
> + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> + memmove functions has been fixed.
Should we mention the reporter?
Please also remove the XFAIL added in commit
eca1b233322914d9013f3ee4aabecaadc9245abd. Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620)
2020-07-12 20:46 ` Florian Weimer
@ 2020-07-13 18:29 ` Carlos O'Donell
0 siblings, 0 replies; 3+ messages in thread
From: Carlos O'Donell @ 2020-07-13 18:29 UTC (permalink / raw)
To: Florian Weimer, Aurelien Jarno; +Cc: libc-alpha
On 7/12/20 4:46 PM, Florian Weimer wrote:
> * Aurelien Jarno:
>
>> + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
>> + memmove functions has been fixed.
>
> Should we mention the reporter?
>
> Please also remove the XFAIL added in commit
> eca1b233322914d9013f3ee4aabecaadc9245abd. Thanks.
>
Yes, we should mention the reporter. Please and thank you.
The "Credit" in the Talos report says:
~~~
Discovered by Jason Royes of Cisco Security Assessment and Penetration Team.
Discovered by Samuel Dytrych of Cisco Security Assessment and Penetration Team.
~~~
Thus I think it would be good to list:
"Discovered by Jason Royes and Samual Dytrych of the
Cisco Security Assessment and Penetration Team (See TALOS-2020-1019).
If you look here you can see similar credit:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
--
Cheers,
Carlos.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-13 18:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-12 19:59 [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620) Aurelien Jarno
2020-07-12 20:46 ` Florian Weimer
2020-07-13 18:29 ` Carlos O'Donell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).