From: Moritz Muehlenhoff
Newsgroups: gmane.comp.security.oss.general,gmane.linux.lib.musl.general
Subject: Re: CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance
Date: Tue, 6 Aug 2019 09:16:09 +0200
Message-ID: <20190806071609.nsp67arh7gganbvy@inutil.org>
References: <20190805232737.GA11260@brightrain.aerifal.cx>

On Mon, Aug 05, 2019 at 07:27:37PM -0400, Rich Felker wrote:
> I've discovered a flaw in musl libc's arch-specific math assembly code
> for i386, whereby at least the log1p function and possibly others
> return with more than one item on the x87 stack.

Given that the Subject: mentions a CVE request; these are no longer
handled via the oss-security mailing list. Please use
https://cveform.mitre.org/ instead.

Cheers,
Moritz