Awesome, thanks for the update!
On Tue, Feb 25, 2025, 9:59 AM Tom Rini wrote:
> On Sat, Feb 22, 2025 at 12:47:45PM -0800, Jonathan Bar Or wrote:
>
> > Hello Tom and team,
> >
> > Looks like all of the issues were fixed and merged - am I correct?
> > I intend to make a public disclosure March 19t
On Sat, Feb 22, 2025 at 12:47:45PM -0800, Jonathan Bar Or wrote:
> Hello Tom and team,
>
> Looks like all of the issues were fixed and merged - am I correct?
> I intend to make a public disclosure March 19th, is that okay?
Yes, I've merged all of the patches I'm aware of at this point.
>
> Bes
Hello Tom and team,
Looks like all of the issues were fixed and merged - am I correct?
I intend to make a public disclosure March 19th, is that okay?
Best,
Jonathan
On Fri, Feb 14, 2025 at 7:24 PM Jonathan Bar Or wrote:
>
> Please disregard the previous message, those are the actual CVE
Please disregard the previous message, those are the actual CVE numbers:
- CVE-2025-26726: SquashFS directory table parsing buffer overflow
- CVE-2025-26727: SquashFS inode parsing buffer overflow.
- CVE-2025-26728: SquashFS nested file reading buffer overflow.
- CVE-2025-26729: EroFS symlink reso
Hi folks.
Here are the CVEs assigned by MITRE:
- CVE-2025-26721: buffer overflow in the persistent storage for file creation
- CVE-2025-26722: buffer overflow in SquashFS symlink resolution
- CVE-2025-26723: buffer overflow in EXT4 symlink resolution
- CVE-2025-26724: buffer overflow in CramFS sym
Hello Tom,
On 11/02/2025 at 15:29:09 -06, Tom Rini wrote:
> On Tue, Feb 11, 2025 at 08:26:37AM -0800, Jonathan Bar Or wrote:
>> Hi Tom and the rest of the team,
>>
>> Please let me know about fix time, whether this is acknowledged and
>> whether you're going to request CVE IDs for those or if I
Thank you, I've reached out to MITRE for CVE numbers, I will
communicate them once assigned (hopefully within a few days).
Best regards,
Jonathan
On Tue, Feb 11, 2025 at 1:29 PM Tom Rini wrote:
>
> On Tue, Feb 11, 2025 at 08:26:37AM -0800, Jonathan Bar Or wrote:
> > Hi Tom and the
On Tue, Feb 11, 2025 at 08:26:37AM -0800, Jonathan Bar Or wrote:
> Hi Tom and the rest of the team,
>
> Please let me know about fix time, whether this is acknowledged and
> whether you're going to request CVE IDs for those or if I should do
> it.
> The reason is that I found similar issues in oth
Hi Tom and the rest of the team,
Please let me know about fix time, whether this is acknowledged and
whether you're going to request CVE IDs for those or if I should do
it.
The reason is that I found similar issues in other bootloaders, so I'm
trying to synchronize all of them. For what it's worth
Hi Tom,
On 2025/2/11 00:41, Tom Rini wrote:
On Fri, Feb 07, 2025 at 09:53:01AM -0800, Jonathan Bar Or wrote:
Thank you.
So, I'm attaching my findings in a md file - see attachment.
All of those could be avoided by using safe math, such as
__builtin_mul_overflow and __builtin_add_overflow, whi
On Fri, Feb 07, 2025 at 09:53:01AM -0800, Jonathan Bar Or wrote:
> Thank you.
>
> So, I'm attaching my findings in a md file - see attachment.
> All of those could be avoided by using safe math, such as
> __builtin_mul_overflow and __builtin_add_overflow, which are used in some
> modules in Das-U