On Thu, 11 Jul 2019 at 12:20, Alex Murray <
<email address hidden>> wrote:
> Is the temporary patch
> https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
> expected to be the final and authoritative fix for this issue? In
>
The patch fixes the security issue.
On the other hand the path of exploitation reveals that there are also some
missing checks and some conditions should be handled in a different way.
So I'll write tests for this and will handle checks more robustly to remove
other similar possibilities in the future.
> general, we wouldn't normally keep security bugs private when the fix is
> already out-in-the-open since smart hackers can usually reverse engineer
> these things to deduce the presence of a bug just from the commit which
> fixes it. However, this is your bug so you get to make the call -
>
Usually it makes sense. In this case it's far from clear that this is a
security fix (usually it is very clear) so I adopted this uncommon process.
I think in future patches (I'll obviously wait till packages are out,
at least 3 months) I'll explain the whole security issue and quote the CVE.
> although once CVE is announced publicly then the bug should become
> public too regardless.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1835896
>
> Title:
> Heap overflow if UDT type is used with protocol 5.0
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/freetds/+bug/1835896/+subscriptions
>