GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org, bug-strong-list <at> debbugs.gnu.org
Subject: bug#27429: closed (Stack clash (CVE-2017-1000366 etc))
Date: Thu, 20 Jul 2017 19:14:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Thu, 20 Jul 2017 15:13:24 -0400
with message-id <20170720191324.GB18030 <at> jasmine.lan>
and subject line Re: bug#27429: Stack clash (CVE-2017-1000366 etc)
has caused the debbugs.gnu.org bug report #27429,
regarding Stack clash (CVE-2017-1000366 etc)
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
27429: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27429
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 19 Jun 2017 18:25:50 -0400

[Message part 3 (text/plain, inline)]
This is a place to discuss the "stack crash" bugs as they apply to our
packages.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 27429-done <at> debbugs.gnu.org
Subject: Re: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 20 Jul 2017 15:13:24 -0400

[Message part 6 (text/plain, inline)]
On Thu, Jul 20, 2017 at 05:54:06PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > This is a place to discuss the "stack crash" bugs as they apply to our
> > packages.
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> 
> I think we can close this bug now, can’t we?

Yeah, I'm closing it.

I think the various mitigations we applied will change and improve over
time, but they can be discussed elsewhere once we know what they are.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.