From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14508
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Moritz Muehlenhoff <jmm-FcyoKOIOl1Adnm+yROfE0A@public.gmane.org>
Newsgroups: gmane.comp.security.oss.general,gmane.linux.lib.musl.general
Subject: Re: CVE request: musl libc 1.1.23 and earlier x87
 float stack imbalance
Date: Tue, 6 Aug 2019 09:16:09 +0200
Message-ID: <20190806071609.nsp67arh7gganbvy@inutil.org>
References: <20190805232737.GA11260@brightrain.aerifal.cx>
Reply-To: oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="116670"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: NeoMutt/20170113 (1.7.2)
Cc: musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org
To: oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org
Original-X-From: oss-security-return-25387-gcsos-oss-security=m.gmane.org-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org Tue Aug 06 09:17:59 2019
Return-path: <oss-security-return-25387-gcsos-oss-security=m.gmane.org-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org>
Envelope-to: gcsos-oss-security@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <oss-security-return-25387-gcsos-oss-security=m.gmane.org-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org>)
	id 1hutjL-000UEx-O7
	for gcsos-oss-security@m.gmane.org; Tue, 06 Aug 2019 09:17:59 +0200
Original-Received: (qmail 5666 invoked by uid 550); 6 Aug 2019 07:16:21 -0000
Mailing-List: contact oss-security-help-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org>
List-Help: <mailto:oss-security-help-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org>
List-Unsubscribe: <mailto:oss-security-unsubscribe-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org>
List-Subscribe: <mailto:oss-security-subscribe-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org>
List-ID: <oss-security.lists.openwall.com>
Original-Received: (qmail 5629 invoked from network); 6 Aug 2019 07:16:20 -0000
Content-Disposition: inline
In-Reply-To: <20190805232737.GA11260-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
Xref: news.gmane.org gmane.comp.security.oss.general:25496 gmane.linux.lib.musl.general:14508
Archived-At: <http://permalink.gmane.org/gmane.comp.security.oss.general/25496>

On Mon, Aug 05, 2019 at 07:27:37PM -0400, Rich Felker wrote:
> I've discovered a flaw in musl libc's arch-specific math assembly code
> for i386, whereby at least the log1p function and possibly others
> return with more than one item on the x87 stack.

Given that the Subject: mentions a CVE request; these are no longer
handled via the oss-security mailing list. Please use
https://cveform.mitre.org/ instead.

Cheers,
        Moritz