From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#27429: Stack clash (CVE-2017-1000366 etc) Date: Mon, 19 Jun 2017 18:25:50 -0400 Message-ID: <20170619222550.GA29289@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45164) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dN58T-0003Ff-1J for bug-guix@gnu.org; Mon, 19 Jun 2017 18:27:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dN58Q-0003hT-ET for bug-guix@gnu.org; Mon, 19 Jun 2017 18:27:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:54005) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dN58Q-0003hP-AS for bug-guix@gnu.org; Mon, 19 Jun 2017 18:27:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dN58Q-00067e-4e for bug-guix@gnu.org; Mon, 19 Jun 2017 18:27:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44838) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dN57L-0003DV-F1 for bug-guix@gnu.org; Mon, 19 Jun 2017 18:25:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dN57I-0003Gc-SB for bug-guix@gnu.org; Mon, 19 Jun 2017 18:25:55 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:36253) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dN57I-0003Et-66 for bug-guix@gnu.org; Mon, 19 Jun 2017 18:25:52 -0400 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 129DD7E545 for ; Mon, 19 Jun 2017 18:25:51 -0400 (EDT) Content-Disposition: inline List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 27429@debbugs.gnu.org --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline This is a place to discuss the "stack crash" bugs as they apply to our packages. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt --BXVAT5kNtrzKuDFl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllIT2oACgkQJkb6MLrK fwgcVxAAwDdV1X/XqNDGjbBvaqWB6ZhCMHA6yI3OukdtkmEoO+SHcXcdJdVjfHUJ JdD4nRPEvowrHY4CSm1ls5AOgKYcL3MVZHGz+cDYs+Lo4gbdCnM87d1/6HqmyLKc p6xydZ1DfY3dIIraOGZ/cb9Y7a49WDnjl/b9wzEAuL/YIS5uDWr2W7VIJeTXR18z dcHb8UNfKmFjAg1dHQgxSenjl5Q0fUKlzjH5cwmX7x8WHepJrY51CKfbLDazGx2r 86azNANb0Mh7uPPhGxEgTbn0e2yiMbGGChYeohmbG0/SaWTRTxMV9JbdBdn2WJUy HHHevWvMp+FOlHKU/hcmqrHQkFTAYfgkSzdrk1d8t/rIL3N80ZxFrmb7KHXW6unH Lwnv7p+XLhTFkNIpF8/TR9XyWcoldBsltDP85pQmZAFoYfqPxsuVNie/9pWAdy7d 40sdeyHEMJqcC/PwDXmAoLluHLXfBWQ7w94gD4GxLjIp83vS+nERSvWNCrkN8NxP a5KS5F5iK0uLyGNJWKk8zm4WlmceupEhDuyRyTAv58L2IxINPxzIYao+1FmHR6yM dcIPiQmD7UJ3d6MoaUi9i9jclDXA3xHmtywcicYkHSLJ4elYLU4frej3M7JLxurt zjbrGy4TDYdKXI8UU8Cl10fTtCMXT+WbZrWlHD2BoTMTXemF7wI= =ypcD -----END PGP SIGNATURE----- --BXVAT5kNtrzKuDFl--