GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#27429: closed (Re: bug#27429: Stack clash (CVE-2017-1000366 etc))
Date: Thu, 20 Jul 2017 19:14:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#27429: Stack clash (CVE-2017-1000366 etc)

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 27429 <at> debbugs.gnu.org.

-- 
27429: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27429
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 27429-done <at> debbugs.gnu.org
Subject: Re: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 20 Jul 2017 15:13:24 -0400
[Message part 3 (text/plain, inline)]
On Thu, Jul 20, 2017 at 05:54:06PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > This is a place to discuss the "stack crash" bugs as they apply to our
> > packages.
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> 
> I think we can close this bug now, can’t we?

Yeah, I'm closing it.

I think the various mitigations we applied will change and improve over
time, but they can be discussed elsewhere once we know what they are.
[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 19 Jun 2017 18:25:50 -0400
[Message part 6 (text/plain, inline)]
This is a place to discuss the "stack crash" bugs as they apply to our
packages.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 309 days ago.
