| Message ID | 20200712195913.2553350-1-aurelien@aurel32.net |
|---|---|
| State | New |
| Headers | show |
| Series | Add NEWS entry for CVE-2020-6096 (bug 25620) | expand |
* Aurelien Jarno: > + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and > + memmove functions has been fixed. Should we mention the reporter? Please also remove the XFAIL added in commit eca1b233322914d9013f3ee4aabecaadc9245abd. Thanks.
On 7/12/20 4:46 PM, Florian Weimer wrote: > * Aurelien Jarno: > >> + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and >> + memmove functions has been fixed. > > Should we mention the reporter? > > Please also remove the XFAIL added in commit > eca1b233322914d9013f3ee4aabecaadc9245abd. Thanks. > Yes, we should mention the reporter. Please and thank you. The "Credit" in the Talos report says: ~~~ Discovered by Jason Royes of Cisco Security Assessment and Penetration Team. Discovered by Samuel Dytrych of Cisco Security Assessment and Penetration Team. ~~~ Thus I think it would be good to list: "Discovered by Jason Royes and Samual Dytrych of the Cisco Security Assessment and Penetration Team (See TALOS-2020-1019). If you look here you can see similar credit: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
diff --git a/NEWS b/NEWS index 92dcb77fef0..cd8a46fdc71 100644 --- a/NEWS +++ b/NEWS @@ -159,6 +159,9 @@ Security related changes: CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed. + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and + memmove functions has been fixed. + The following bugs are resolved with this release: [The release manager will add the list generated by