GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #120 received at 27429-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 27429-done <at> debbugs.gnu.org
Subject: Re: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 20 Jul 2017 15:13:24 -0400

[Message part 1 (text/plain, inline)]

On Thu, Jul 20, 2017 at 05:54:06PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > This is a place to discuss the "stack crash" bugs as they apply to our
> > packages.
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> 
> I think we can close this bug now, can’t we?

Yeah, I'm closing it.

I think the various mitigations we applied will change and improve over
time, but they can be discussed elsewhere once we know what they are.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27429 Stack clash (CVE-2017-1000366 etc)

GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)