From: Leo Famulari
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 19 Jun 2017 19:05:10 -0400
Message-ID: <20170619230510.GA16724@jasmine.lan>
In-Reply-To: <20170619222550.GA29289@jasmine.lan>
To: 27429@debbugs.gnu.org

I'm currently testing the patch for CVE-2017-1000369 in Exim:

https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21

"To reach the start of the stack with the end of the heap (man brk), we
permanently leak memory through multiple -p command-line arguments that
are malloc()ated by Exim but never free()d (CVE-2017-1000369) -- we call
such a malloc()ated chunk of heap memory a "memleak-chunk"."
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt