From: "Davide Gardenal" <davidegarde2000@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] re2c: backport of partial fix for CVE-2018-21232
Date: Mon, 14 Mar 2022 07:35:37 -0700
Message-ID: <8902.1647268537771385521@lists.openembedded.org>
In-Reply-To: <CAOSpxdZXurirkTARsX9pA7nS-euk06jRfiXkFqoDA5wfi6oGaQ@mail.gmail.com>

The official CVE description (https://nvd.nist.gov/vuln/detail/CVE-2018-21232) only highlights a stack consumption in "find_fixed_tags" (and this is actually fixed and is one of the included patches), but as stated in the GitHub issue (https://github.com/skvadrik/re2c/issues/219, which is still open) there are also other recursions with the same problem, and not all have been fixed by upstream. So we could say the CVE is "officially" fixed.
Tell me if I can remove the "partially" and add the CVE in the description, thanks.
