Re: HFS+ specific vulnerability

To: debian-lts@lists.debian.org
Subject: Re: HFS+ specific vulnerability
From: Brian May <bam@debian.org>
Date: Mon, 06 Jun 2016 08:27:35 +1000
Message-id: <[🔎] 87eg8b6zl4.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 20160603114527.GA30096@lorien.valinor.li>
References: <[🔎] 871t4g9h01.fsf@prune.linuxpenguins.xyz> <[🔎] 1464853872.2847.92.camel@decadent.org.uk> <[🔎] 8760tq91jf.fsf@prune.linuxpenguins.xyz> <[🔎] 8737ou8zpp.fsf@prune.linuxpenguins.xyz> <[🔎] 87zir27kqw.fsf@prune.linuxpenguins.xyz> <[🔎] 20160603114527.GA30096@lorien.valinor.li>

Salvatore Bonaccorso <carnil@debian.org> writes:

> Maybe it is worth additionally checking with the reporter of the
> issues at TALOS, since
> http://www.talosintel.com/reports/TALOS-2016-0093/ claims that as well
> 9.20 is affected.

I asked here https://twitter.com/penguin_brian/status/739583514153091072

I note the following code which is the same (if my arithmetic is
correct):

const UInt32 kBufSize = (1 << 16);

In report this is:

const size_t kBufSize = kCompressionBlockSize; // 0x10000

However everything else looks very different.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: HFS+ specific vulnerability
  - From: Brian May <bam@debian.org>

References:
- HFS+ specific vulnerability
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: HFS+ specific vulnerability
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: HFS+ specific vulnerability
  - From: Brian May <bam@debian.org>
- Re: HFS+ specific vulnerability
  - From: Brian May <bam@debian.org>
- Re: HFS+ specific vulnerability
  - From: Brian May <bam@debian.org>
- Re: HFS+ specific vulnerability
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: HFS+ specific vulnerability
Next by Date: Re: Debian LTS: uploaded packages to wheezy-security not available
Previous by thread: Re: HFS+ specific vulnerability
Next by thread: Re: HFS+ specific vulnerability
Index(es):
- Date
- Thread