public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed
* [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620)
@ 2020-07-12 19:59 Aurelien Jarno
  2020-07-12 20:46 ` Florian Weimer
  0 siblings, 1 reply; 3+ messages in thread
From: Aurelien Jarno @ 2020-07-12 19:59 UTC (permalink / raw)
  To: libc-alpha

---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 92dcb77fef0..cd8a46fdc71 100644
--- a/NEWS
+++ b/NEWS
@@ -159,6 +159,9 @@ Security related changes:
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.
 
+  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+  memmove functions has been fixed.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
-- 
2.27.0


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620)
  2020-07-12 19:59 [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620) Aurelien Jarno
@ 2020-07-12 20:46 ` Florian Weimer
  2020-07-13 18:29   ` Carlos O'Donell
  0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2020-07-12 20:46 UTC (permalink / raw)
  To: Aurelien Jarno; +Cc: libc-alpha

* Aurelien Jarno:

> +  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> +  memmove functions has been fixed.

Should we mention the reporter?

Please also remove the XFAIL added in commit
eca1b233322914d9013f3ee4aabecaadc9245abd.  Thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620)
  2020-07-12 20:46 ` Florian Weimer
@ 2020-07-13 18:29   ` Carlos O'Donell
  0 siblings, 0 replies; 3+ messages in thread
From: Carlos O'Donell @ 2020-07-13 18:29 UTC (permalink / raw)
  To: Florian Weimer, Aurelien Jarno; +Cc: libc-alpha

On 7/12/20 4:46 PM, Florian Weimer wrote:
> * Aurelien Jarno:
> 
>> +  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
>> +  memmove functions has been fixed.
> 
> Should we mention the reporter?
> 
> Please also remove the XFAIL added in commit
> eca1b233322914d9013f3ee4aabecaadc9245abd.  Thanks.
> 

Yes, we should mention the reporter. Please and thank you.

The "Credit" in the Talos report says:
~~~
Discovered by Jason Royes of Cisco Security Assessment and Penetration Team.   
Discovered by Samuel Dytrych of Cisco Security Assessment and Penetration Team.
~~~

Thus I think it would be good to list:
"Discovered by Jason Royes and Samual Dytrych of the 
Cisco Security Assessment and Penetration Team (See TALOS-2020-1019). 

If you look here you can see similar credit:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019

-- 
Cheers,
Carlos.


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-13 18:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-12 19:59 [PATCH] Add NEWS entry for CVE-2020-6096 (bug 25620) Aurelien Jarno
2020-07-12 20:46 ` Florian Weimer
2020-07-13 18:29   ` Carlos O'Donell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).